Mqtt Client Timeout Issue

HiveMQ Community Edition
1

HI Everyone,

I have trying to connect on-premise hivemq broker from firmware code and I’m getting always below image error. Even though we have made changes in broker configuration by increasing no-connect-idle-timeout-mills to 90 sec. Still struggling with same issue.

Broker config.xml

<mqtt>
        <no-connect-packet-idle-timeout-millis>90000</no-connect-packet-idle-timeout-millis>
        <max-queued-messages>1000</max-queued-messages>
</mqtt>

image
image872×74 26.7 KB

Please help me with resolution that would be great help to us.

Thanks,
Rahul

2

Hi @Rahul

Welcome to the HiveMQ Community Forum! We’re thrilled to have you here.

Your engagement is crucial to us, and we’re committed to helping you resolve this matter. To provide you with the best assistance, kindly share a bit more context:

  1. Affected HiveMQ CE Version: Which version of HiveMQ CE are you using? This helps us understand the environment you’re working in.
  2. MQTT Client Version: Could you please specify the version of the MQTT client you’re using in your firmware code?
  3. Actual Behavior: Describe the specific issue you’re facing when connecting to the on-premise HiveMQ broker.
  4. Expected Behavior: Explain what you’re expecting to happen during the connection process.
  5. Steps to Reproduce: Detail the steps you’re taking before encountering the error. This enables us to replicate and diagnose the issue.
  6. Reproducer Code: If possible, share a snippet of your firmware code related to the connection.

This information will enable us to offer targeted assistance and guide you towards a resolution. Thank you for reaching out, Rahul!

Best regards,
Dasha from HiveMQ Team

3

Hi @Daria_H ,

Please find below details :

Affected HiveMQ CE Version : hivemq-ce:2023.3

Actual Behavior: Whenever we are establishing communication with broker we are getting below error :
Client Log :
[SL-MBEDTLS::INFO] Performing the mbedTLS SSL/TLS handshake…
[SL-MBEDTLS::INFO] Success ! SSL/TLS handshake completed !
[SL-MBEDTLS::INFO] Verifying peer X.509 certificate…
[SL-MBEDTLS::INFO] Success !
[SL-MBEDTLS::ERROR] connection was closed gracefully

[SL-MBEDTLS::ERROR]  mbedtls_ssl_read returned 0

[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Connection Socket 1 was removed

[SL-MBEDTLS::INFO]  SlNetIfWifi_close:: Listener Socket 1 was removed

Sever Log :

image
image879×362 127 KB

Expected Behavior: Hive mq broker should be able to response to client and client can able subscribe topics.

MQTT Client Version: client embedded into SimpleLink CC32xx SDK v7.10.0.13 and package ti.net.mqtt 1.0.0

Please let me know if you are require any other info.

Thanks
Rahul

4

@Rahul ,
Your log indicates that, from the broker side, the client did not finish the TLS handshake.

You can follow these troubleshooting instructions to diagnose and resolve the problem.

Step 1: Enable Verbose Output in HiveMQ

1.1. To gain insight into HiveMQ’s side of the connection establishment, you can utilize Java Virtual Machine (JVM) options.

1.2. Modify the startup instructions for HiveMQ by adding the following line to the variables section in the run.sh script (located at /opt/hivemq/bin/run.sh):

JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake"

1.3. Alternatively, for a temporary solution, you can directly add the option to $JAVA_OPTS in the executing shell:

JAVA_OPTS="$JAVA_OPTS -Djavax.net.debug=ssl,handshake" ./bin/run.sh

Step 2: Use OpenSSL for Insight

2.1. The openssl command line utility provides tools for working with SSL and can help you gain meaningful insight into the connection process.

2.2. One particularly useful tool for this purpose is s_client, a minimal SSL client implementation. It’s ideal for examining the communication between an MQTT client and a broker during the connection process.

2.3. Use the following command to utilize s_client and enable verbose output:

openssl s_client -connect ${hostname}:8883 -CAfile ca.cert.pem -key client-key.pem -cert client-cert.pem -debug

Replace ${hostname} with the actual hostname of your node, and ensure the port (8883 in this case) matches your node’s configuration.

Please note that the above troubleshooting steps are designed to help you diagnose SSL secured connection issues in HiveMQ. Follow these instructions carefully, and make sure to replace placeholders with actual values from your environment. By enabling verbose output and utilizing OpenSSL’s s_client, you’ll be able to gain insights into the connection process and pinpoint potential problems.

Best regards,
Dasha from HiveMQ Team