带有SSL的MQTT“对等连接重置”错误

Question

我正在使用Raspberry Pi将消息发布到VPS中的MQTT代理。我使用了python paho-mqtt脚本，并收到此错误：

Traceback (most recent call last):
  File "mqttpub5.py", line 14, in <module>
    client.connect("mydomain.com",8883,60)
  File "/usr/local/lib/python3.4/dist-packages/paho/mqtt/client.py", line 839, in connect
    return self.reconnect()
  File "/usr/local/lib/python3.4/dist-packages/paho/mqtt/client.py", line 994, in reconnect
    sock.do_handshake()
  File "/usr/lib/python3.4/ssl.py", line 804, in do_handshake
    self._sslobj.do_handshake()
ConnectionResetError: [Errno 104] Connection reset by peer

这是我的python脚本

#!/usr/bin/env python3

import paho.mqtt.client as mqtt
import time

def on_connect(client, userdata, flags, rc):
  print("Connected("+str(rc)+"). Publishing Message...")


client = mqtt.Client()
client.username_pw_set("myusername","mypassword")
client.tls_set("/etc/ssl/certs/ca-bundle.crt")
client.tls_insecure_set(True)
client.connect("mydomain.com",8883,60)
client.on_connect = on_connect
client.loop_start()

count=0
while count<20:
 count=count+1
 client.publish("test","test no."+str(count))
 time.sleep(1)

print("Message Published")
client.disconnect()

我以为是因为证书问题，但是当我使用以下命令发布时：

mosquitto_pub -h mydomain.com -t test -u myusername -P mypassword --cafile /etc/ssl/certs/ca-bundle.crt -p 8883 -m message

发布的消息没有问题。 我正在VPS中使用“让我们加密”

这是我从Pi运行脚本时来自代理的日志：

1573442272: mosquitto version 1.6.7 starting
1573442272: Config loaded from /etc/mosquitto/mosquitto.conf.
1573442272: Opening ipv6 listen socket on port 1883.
1573442272: Opening ipv4 listen socket on port 1883.
1573442272: Opening ipv4 listen socket on port 8883.
1573442272: Opening ipv6 listen socket on port 8883.
1573442272: Opening websockets listen socket on port 8083.
1573442281: New connection from xx.xx.xx.xxx on port 8883.
1573442281: OpenSSL Error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
1573442281: Socket error on client <unknown>, disconnecting.

我在另一台计算机上使用了相同的脚本，并且可以正常工作。

任何帮助将不胜感激。谢谢

Answer 1

似乎解决方案只是升级。错误出现时，我的Mosquitto版本为Raspbian Jessie，版本为1.3.4。我使用Mosquitto 1.4.10版将Raspbian升级到Stretch，问题消失了

Answer 2

最适合我的解决方案是在tls_set（）中设置TLS版本： `

import time
import paho.mqtt.client as paho
import ssl

#define callbacks
def on_message(client, userdata, message):
  print("received message =",str(message.payload.decode("utf-8")))

def on_log(client, userdata, level, buf):
  print("log: ",buf)

def on_connect(client, userdata, flags, rc):
  print("publishing ")
  client.publish("topic1","message")


client=paho.Client() 
client.on_message=on_message
client.on_log=on_log
client.on_connect=on_connect
print("connecting to broker")
client.tls_set("/home/admin/certs/server_iot.crt", tls_version=ssl.PROTOCOL_TLSv1_2)

client.tls_insecure_set(True)
client.connect("iot.eclipse.org", 8883, 60)

##start loop to process received messages
client.loop_start()
#wait to allow publish and logging and exit
time.sleep(1)