Sunday, 27 March 2022

Python Eclipse Paho Client - TLS Connection to MQTT Broker Exception: No ciphers available

I am trying to create a connection to a TLS (TLSv1) secured MQTT broker (RabbitMQ with the MQTT plugin enabled) with the Python implementation of the Eclipse Paho client. The same works fine with the MQTTFX application, which is based on the Java implementation of Paho. For this I am using self-signed certificates.

    Java version uses:
    CA-File: ca_certificate.crt
    Client Certificate: client_cert.crt
    Client Key File: client_key.key
    Python Version should use:
    CA-File: ca_certificate.pem
    Client Certificate: client_cert.pem
    Client key file: client_key.key

I tried to establish a connection like this:

    import ssl
    
    import paho.mqtt.client as paho
    
    # Locations of CA Authority, client certificate and client key file
    ca_cert = "ca_certificate.pem"
    client_cert = "client_certificate.pem"
    client_key = "client_key.pem"
    
    # Create ssl context with TLSv1
    context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
    context.load_verify_locations(ca_cert)
    context.load_cert_chain(client_cert, client_key)
    
    # Alternative to using ssl context but throws the exact same error
    # client.tls_set(ca_certs=ca_cert, certfile=client_cert, keyfile=client_key, tls_version=ssl.PROTOCOL_TLSv1)
    
    client = paho.Client()
    client.username_pw_set(username="USER", password="PASSWORD")
    client.tls_set_context(context)
    client.tls_insecure_set(False)
    client.connect_async(host="HOSTNAME", port="PORT")
    client.loop_forever()

Which results in the following error:

    ssl.SSLError: [SSL: NO_CIPHERS_AVAILABLE] no ciphers available (_ssl.c:997)

Could it be that I need to explicitly pass a cipher that the broker supports, or could it be due to an older OpenSSL version? I am a little bit lost right now; maybe someone has a clue on how to solve this.

Edit: I got it to work by myself but still not sure why exactly it works now.

  1. Changed context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
    to context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
  2. Changed client.tls_insecure_set(False)
    to client.tls_insecure_set(True)


from Python Eclipse Paho Client - TLS Connection to MQTT Broker Exception: No ciphers available
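
An added example, not part of the original post: an offline probe that starts a handshake against in-memory BIOs, so the `NO_CIPHERS_AVAILABLE` failure can be checked without a broker, next to a `PROTOCOL_TLS_CLIENT` context that keeps hostname verification on. The function names and the host `broker.example` are hypothetical, and the TLS 1.2 floor assumes the broker offers TLS 1.2 or later; on Python builds whose default cipher list leaves nothing usable for a TLSv1-only context, the first probe reports the error from the post.

```python
import ssl
import warnings


def build_client_context(ca_cert=None, client_cert=None, client_key=None):
    """Client context that negotiates the version and keeps verification on."""
    context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    context.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: broker offers TLS 1.2+
    if ca_cert:
        context.load_verify_locations(ca_cert)  # the self-signed CA file
    if client_cert:
        context.load_cert_chain(client_cert, client_key)
    # PROTOCOL_TLS_CLIENT already sets both; repeated here to make the intent explicit.
    context.check_hostname = True
    context.verify_mode = ssl.CERT_REQUIRED
    return context


def legacy_tlsv1_context():
    """A context pinned to TLSv1 only, as in the failing snippet."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        return ssl.SSLContext(ssl.PROTOCOL_TLSv1)


def probe_client_hello(context, server_hostname="broker.example"):
    """Begin a handshake in memory; no network connection is made.

    Returns (True, None) when a ClientHello was produced, otherwise
    (False, reason) with the OpenSSL reason string.
    """
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = context.wrap_bio(incoming, outgoing, server_hostname=server_hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        # ClientHello was written to the outgoing BIO; the client now waits for a server.
        return outgoing.pending > 0, None
    except ssl.SSLError as exc:
        return False, exc.reason
    return True, None


if __name__ == "__main__":
    for name, ctx in (("PROTOCOL_TLSv1", legacy_tlsv1_context()),
                      ("PROTOCOL_TLS_CLIENT", build_client_context())):
        print(name, probe_client_hello(ctx))
```

The context returned by `build_client_context` can be passed to `client.tls_set_context(context)`; with hostname verification left on, the broker certificate has to name the host the client connects to.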
