Though, … can not get a connection and almost giving up!
Please, if someone could share a TinyGSM with SSL? that would be great!
(the example of ESP8266 with BearSSL is not compatible…).
Finally, to get the BEGIN and END header using openssl s_client -connect 4ad85b7fade04d07911be2ac1da2f5e4.s2.eu.hivemq.cloud:8883 -showcerts < /dev/null 2> /dev/null | sed -n '/BEGIN/,/END/p' > server.pem
I think I am doing something wrong? if you can please touch on this topic? that would be also nice.
Hey I am also trying to attempt something similar to this but I am using SIM900A
Did you figure out a way to obtain a SSL connection, if yes can you please share it ?
Hi, thanks for the reply.
According to the datasheet of the SIM900A it supports HTTPS connection along with SSL certification,
I am using the TinyGsmClientSecure, SSLClient abd PubSubClient to connection with the HiveMQ server. The connection succeeds if Wifi is used but for it failing with state -2 (MQTT_CONNECT_FAILED) when the SIM module is used
Thank you for providing further information regarding your device. Supporting TLS is unfortunately not enough: In order to connect the HiveMQ Cloud (Free or PayG), the TLS SNI extension should be supported by the device and used.
The TLS SNI extension (Server Name Indication) adds a hostname to the ClientHello packet.
Can you confirm that your device does support the TLS SNI extension?
If you cannot confirm that by looking at the vendor’s documentation, you can check this empirically: use Wireshark and capture packets between your device and the broker. Please find the screenshot, which is illustrating where exactly to look, here: Client is not authorized to connect - #37 by simon_b
If the device does support the TLS SNI extension but does not use it, you will need to refer to the vendor’s documentation and find instructions on how to enable the TLS SNI extension there.
I hope this helps.
Kind regards,
Dasha from HiveMQ Team
Hi @Daria_H,
I went through the product documentation and found out that the module indeed supports SSL and TLS
These is the summary of the SSL/TLS Features
Support SSL 3.0 and TLS 1.0
Support SSL client only
Support 512 bits and 1024 bits exportable and non-exportable cipher suits
Support RSA and Ephemeral Diffie-Hellman key exchange method
Support RSA(with MD5,SHA1 or MD2) and DSS signature algorithm
Support Mutual authentication
Support SSL re-handshake
Support DES, 3DES, AES, RC2, and ARCFOUR (compatible with RC4) algorithms.
Support resumed handshake.
Support user interaction in certificate processing.
Further I also tried https connection to check if a secure connection can be made from this module using AT commands, after couple of tries it also worked
However I am unable to connect to the HiveMQ PayG using the SSLClient library and TinyGSM but it is falling to connect.
In order to establish a secure connection to the Free or PayG cluster the client must support and use the TLS extension called SNI (Server Name Indication). The TLS-SNI extension adds the hostname information to the ClientHello packet.
To verify, you can use a network analyzer like a Wireshark, capture the ClientHello packet, and confirm whether it is using the Server Name Indication Extension and indicating the hostname. Please refer to the screenshot in the following post in order to see where and what to check: Client is not authorized to connect - #37 by simon_b