Link to the documentation is correct and what I have been following.
I have used MQTT Explorer as well as HiveMQ Cloud to check the user/password which is accepted.
Cert
And successfully connected to the websocket client
I note the following which may be a issue during the SSL handshake.
In the document most but not all sections state
if not declared x is default
In saying that section 10.2.12 AT+CSSLCFG Configure the SSL Context does not set a default.
Section details this…
Ciphersuites
Numeric type, SSL ciphersuites
0X002F TLS_RSA_WITH_AES_128_CBC_SHA
0XFFFF Support all
AT+CSSLCFG: “ciphersuites”,(0-9),(0x002F,0Xffff)
Running the commmand AT+CSSLCFG? returns these logs we see the SSL context is session 0
20:53:33.948 -> AT+CSSLCFG?
20:53:33.995 ->
20:53:33.995 -> +CSSLCFG: 0,4,1,1,300,"isrgrootx1.pem","","",1,"",0x0
20:53:34.121 -> +CSSLCFG: 1,4,0,1,300,"","","",0,"",0x0
20:53:34.166 -> +CSSLCFG: 2,4,0,1,300,"","","",0,"",0x0
20:53:34.260 -> +CSSLCFG: 3,4,0,1,300,"","","",0,"",0x0
20:53:34.356 -> +CSSLCFG: 4,4,0,1,300,"","","",0,"",0x0
20:53:34.447 -> +CSSLCFG: 5,4,0,1,300,"","","",0,"",0x0
20:53:34.494 -> +CS+CSSAT+CSSLCFG="enableSNI",0,1
Note:
//result is +CSSLCFG: 0,4,2,1,300,"isrgrootx1.pem","","",0,"",0x0
//0: The SSL/TLS context ID. In this case, it is the default context, which is ID 0
//4: The SSL/TLS protocol version. In this case, it is TLS 1.2
//2: The SSL/TLS cipher suite. In this case, it is AES_128_CBC_SHA256
//1: The SSL/TLS authentication mode. In this case, it is server authentication only
//300: The SSL/TLS timeout in seconds
//"isrgrootx1.pem": The filename of the CA certificate
//"": The filename of the client certificate
//"": The filename of the client private key
//0: The SSL/TLS verify mode
//"": The domain name used for server verification
//0x0: Reserved
So if my thinking is correct I should set Support All which will complete the handshake?
AT+CSSLCFG="ciphersuites",0,0xFFFF //TLS_RSA_WITH_AES_128_CBC_SHA
AT+CSSLCFG="ciphersuites",0,0x002F //Support all
Connect code
// Connect to MQTT server
modem.sendAT("+CMQTTCONNECT=0,\"tcp://xxx.s1.eu.hivemq.cloud:8883\",60,1,\"xxx\",\"xxx\"");
if (!modem.waitResponse(120000)) {
Serial.println("CMQTTCONNECT command failed");
return false;
}
Connect AT command
AT+CMQTTCONNECT=0,"tcp://xxx.s1.eu.hivemq.cloud:8883",60,1,"xxx","xxx"
Note that the AT+CMQTTCONNECT returns
18:43:04.398 -> AT+CMQTTCONNECT=0,"tcp://xxx.s1.eu.hivemq.cloud:8883",60,1,"xxx","xxx"
18:43:05.373 -> MQTT Connect success
18:43:05.373 -> AT+NETOPEN?
18:43:05.419 ->
18:43:05.419 -> +CMQTTCONNECT: 0,32
Error 0,32 is SSL session 0 code 32 handshake fail