Connect to Greengrass Core V2 - no cipher suites in common TLS-ECDHE-ECDSA-...

0

Hi, I am trying to connect a client device to a Greengrass Core (V2) and encounter the error in the following image on the core. I checked the list of cipher suites sent by the client in the Client Hello, and two of them are found on this page: TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 and TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256. Is there any special setting required to support TLS-ECDHE-ECDSA-... ciphers? Thanks!

  • Hi, the page you linked is for Greengrass V1 only as shown in the banner at the top.

1 Answer
0

Hi,

The enabled cipher suites depend on your Java installation. You can follow https://support.azul.com/hc/en-us/articles/360061894852-Which-security-protocols-and-cipher-suites-are-enabled-in-a-specific-Java-Release-bundle to see which cipher suites are supported by your Java installation.

AWS
EXPERT
answered 2 years ago
  • Hi, I just tried the suggested method and TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 and TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 are part of the list of supported ciphers. Any other debugging suggestion? Thanks!

  • Only TLS v1.2 is supported by Greengrass for security. Does your device support TLS v1.2?

    Please also provide the list of supported ciphers from your Java installation as well as the client device.

  • Please also provide the full logs from Greengrass prior to and including the cipher error.

    Look for any other warnings or errors.

  • Hi, I attached GG log and list of ciphers from the Java installation and the client (from the SSL handshake) here: https://www.transfernow.net/dl/20220707OJeeNbgh. Yes, the device supports TLS v1.2.

  • I also checked the server certificate used by the broker using this command: openssl s_client -showcerts -connect localhost:8883 and it seems to be ECDHE-RSA-AES256-GCM-SHA384. Maybe this is the issue? Then how can I configure the MQTT broker to use ECDSA?
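An added example, not part of the thread or of Greengrass: a simplified Python model of the point the last comment raises. In TLS 1.2 an ECDHE-ECDSA suite can only be selected when the server presents an ECDSA certificate, so a suite can be enabled on both sides and still be unusable. The suite lists and the `server_key_types` parameter are constructed assumptions, and selection follows the client's order for simplicity.

```python
# Added illustration: models TLS 1.2 suite selection by suite name only.
# The lists below are constructed sample data, not the poster's logs.
import re

_PREFIX = re.compile(r"^TLS_([A-Z0-9_]+?)_WITH_")

def normalize(name):
    """Accept 'TLS-ECDHE-ECDSA-WITH-...' and 'TLS_ECDHE_ECDSA_WITH_...' alike."""
    return name.strip().upper().replace("-", "_")

def auth_algorithm(suite):
    """Certificate key type a TLS 1.2 suite requires, e.g. 'ECDSA' or 'RSA'.

    Returns None for names without '_WITH_' (such as TLS 1.3 suites).
    """
    m = _PREFIX.match(normalize(suite))
    if not m:
        return None
    # 'ECDHE_ECDSA' -> 'ECDSA'; 'RSA' (static RSA key exchange) -> 'RSA'
    return m.group(1).split("_")[-1]

def negotiate(client_offer, server_enabled, server_key_types):
    """Return (common_by_name, usable) in the client's preference order.

    common_by_name: suites both sides list as enabled.
    usable: the subset whose authentication matches a key the server holds.
    """
    enabled = {normalize(s) for s in server_enabled}
    common = [normalize(s) for s in client_offer if normalize(s) in enabled]
    usable = [s for s in common if auth_algorithm(s) in server_key_types]
    return common, usable

# Constructed sample: client offers only ECDSA suites, as in the question.
CLIENT_OFFER = [
    "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
]
# Constructed sample: a runtime with both ECDSA and RSA suites enabled.
SERVER_ENABLED = [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for keys in ({"RSA"}, {"ECDSA"}):
        common, usable = negotiate(CLIENT_OFFER, SERVER_ENABLED, keys)
        print(sorted(keys), "enabled on both:", len(common), "usable:", usable)
```

With only an RSA key on the server, both ECDSA suites are enabled on each side yet none is usable, which matches a broker that negotiates ECDHE-RSA with other clients while rejecting an ECDSA-only client.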
