SSL Exception in HiveMQ logs


We are using HiveMQ version 4.5.0 Professional Edition. When we tried to fetch kubernates pod logs, we are getting SSL exceptions (attached screenshot). But we could able to connect to HiveMQ broker and fetch those messages using MQTT CLI.

Can someone please explain why this exception is occurring and how to prevent this error ?

Hi @Shaku ,

Thank you for contacting us. From the fragment of the log you sent it seems that your client is offering the broker to use SSLv3 that your broker does not accept. The fact that your client anyway manages to communicate with the broker might indicate that after the SSLv3 is rejected, the broker and the client perform a negotiation process and pick up that TLS version that is supported both by the broker and the client.

You can configure explicitly which TLS protocol version and which Ciphers your broker TLS listener support, please refer here for the configuration instructions: Security :: HiveMQ Documentation

Please note:

  • You indicated that you have a HiveMQ Professional Edition. If you are already a customer, please raise your requests via Customer Support Portal.
  • You indicated that you have HiveMQ version 4.5. Please note this version is soon end-of-life. We strongly recommend to upgrade to the latest version (4.8.x). Please refer here to see which versions are currently supported: Jira Service Management

I hope this helps,
Dasha from HiveMQ team

Thanks for your response @Daria_H .

From the above passage please find my understanding, the mqtt client is using some TLS version which is offered for broker to use as well but the broker is not accepting that. Instead it accepts when the TLS version which is configured on mqtt client and broker are same and supported. Is my understanding right?

Should i explicitly define the TLS protocol version in HiveMQ broker config.xml file and mqtt client (which acts as subscriber) too for this exception to get resolved?

Also, we are in the progress of upgrading from 4.5.x to 4.8.x version.

yes, please do that and let me know if you still see any errors in the log.
Dasha from HiveMQ team