HiveMQ Cloud: cipher suite is not supported by client device

We have activated a cloud broker whose configuration needs to be changed in order to meet cipher suites available on a commercial client device whose firmware is not under our control.

In more detail, the client device supports the cipher suites below:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

Potentially, HiveMQ could be configured to meet these requirements, as stated here: Security :: HiveMQ Documentation

How could we configure our cloud/managed instance (33d63ba0e1df4667a80bd92c190a51e4.s2.eu.hivemq.cloud)?

Thanks!

Hello and welcome to the community forums maiorfi,

Currently it is not possible to configure these suites in the cloud product. HiveMQ Cloud only offers a standard set of cipher suites.
TLS_RSA_WITH_AES_256_CBC_SHA is a cipher suite supported both by HiveMQ Cloud as well as your device. Do you know if your device supports TLS 1.2?
Is it possible for you to provide a debug SSL log from one such device so we can get a better understanding of why it is failing?

~ zingiber
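
Added example, not part of the thread and not HiveMQ's code: a Python probe that offers the broker one of the device's listed suites at a time and reports which one gets negotiated, which is the overlap question raised in the reply above. The TLS 1.2 cap, the default port 8883 and the function names are assumptions; the name conversion covers only the AES-CBC family listed in the first post.

```python
import socket
import ssl
import sys

# Device cipher suites copied from the first post (IANA names).
DEVICE_SUITES = """
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
""".split()

def iana_to_openssl(name):
    """Convert an IANA AES-CBC suite name to the OpenSSL name (only that family)."""
    kx, _, rest = name.removeprefix("TLS_").partition("_WITH_")
    cipher, bits, mode, mac = rest.split("_")      # e.g. AES, 256, CBC, SHA256
    if (cipher, mode) != ("AES", "CBC"):
        raise ValueError(f"unsupported suite family: {name}")
    prefix = "" if kx == "RSA" else kx.replace("_", "-") + "-"  # plain RSA: no prefix
    return f"{prefix}{cipher}{bits}-{mac}"

def make_context(openssl_name):
    """TLS 1.2-only client context offering one suite; None if local OpenSSL lacks it."""
    ctx = ssl.create_default_context()
    # set_ciphers() does not govern TLS 1.3 suites, so pin the version (assumption: TLS 1.2).
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        ctx.set_ciphers(openssl_name)
    except ssl.SSLError:
        return None
    return ctx

def probe(host, port, iana_name, timeout=5.0):
    """Return the suite the server negotiated, or a short reason the handshake failed."""
    ctx = make_context(iana_to_openssl(iana_name))
    if ctx is None:
        return "not available in local OpenSSL"
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        return f"failed: {exc.__class__.__name__}"

if __name__ == "__main__":
    # Usage: script <broker-host> [port]; 8883 is the usual MQTT-over-TLS port (assumption).
    host, port = sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 8883
    for suite in DEVICE_SUITES:
        print(f"{suite:45} {probe(host, port, suite)}")
```

A suite reported as not available locally cannot be tested from that machine, so its result says nothing about the broker.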

It’s really weird, but it seems that now our client devices succeed in connecting to our managed broker instance… Did you change anything in the configuration?

Is there any other reason that could explain what is happening (device firmware wasn’t updated and configuration wasn’t edited)?

I’m happy to hear you can now connect. My colleagues from the HiveMQ Cloud team just confirmed that no configuration was changed.

Enjoy your broker!