Ask a Question

Azure IOT Hub Connection via TLS

0 votes
by (120 points)

Hello,

we are trying to connect to an Azure IOT Hub via a Rebex TLS socket, but we cannot establish a stabel connection.

We are using SAS Token and connect seems to succeeded but after publishing the first data through the TLS socket (TLS V1.2 is used), the socket receives 0 bytes an closes instantly.

Here is a trace:

Thread id; Unused;Timestamp in ms;Context;Message;Misc
M2MFacade.ConnectThread 0x6B2194A";"";"63785022517833";"TLSCOMMUNICTAION";"Culture: en. windows-1252";;
"thread 0x9090EFA";"";"63785022522942";"TLSCOMMUNICTAION";"Enabled cipher suites: 0x000F3DF7EBE00640.";;
"thread 0x9090EFA";"";"63785022522966";"TLSCOMMUNICTAION";"Applicable cipher suites: 0x00003C002BE00640.";;
"thread 0x9090EFA";"";"63785022522974";"TLSCOMMUNICTAION";"Some ephemeral Diffie-Hellman ciphers are enabled. These might be slow on legacy platforms.";;
"thread 0x9090EFA";"";"63785022522979";"TLSCOMMUNICTAION";"Some AES/GCM ciphers are enabled. These might be slow on legacy platforms.";;
"thread 0x9090EFA";"";"63785022523038";"TLSCOMMUNICTAION";"HandshakeMessage:ClientHello was sent.";;
"thread 0x9090EFA";"";"63785022523088";"TLSCOMMUNICTAION";"HandshakeMessage:ServerHello was received.";;
"thread 0x9090EFA";"";"63785022523099";"TLSCOMMUNICTAION";"The server supports secure renegotiation.";;
"thread 0x9090EFA";"";"63785022523108";"TLSCOMMUNICTAION";"HandshakeMessage:Certificate was received.";;
"thread 0x9090EFA";"";"63785022523163";"TLSCOMMUNICTAION";"HandshakeMessage:ServerKeyExchange was received.";;
"thread 0x9090EFA";"";"63785022523172";"TLSCOMMUNICTAION";"HandshakeMessage:CertificateRequest was received.";;
"thread 0x9090EFA";"";"63785022523175";"TLSCOMMUNICTAION";"HandshakeMessage:ServerHelloDone was received.";;
"thread 0x9090EFA";"";"63785022523191";"TLSCOMMUNICTAION";"Verifying server certificate ('CN=*.azure-devices.net').";;
"thread 0x9090EFA";"";"63785022523904";"TLSCOMMUNICTAION";"Certificate verification result: Accept";;
"thread 0x9090EFA";"";"63785022523913";"TLSCOMMUNICTAION";"Verifying server key exchange signature.";;
"thread 0x9090EFA";"";"63785022523970";"TLSCOMMUNICTAION";"Received ephemeral Diffie-Hellman prime.";;
"thread 0x9090EFA";"";"63785022525227";"TLSCOMMUNICTAION";"Ephemeral Diffie-Hellman prime size is 2048 bits (minimum allowed size is 1024 bits).";;
"thread 0x9090EFA";"";"63785022526511";"TLSCOMMUNICTAION";"Client certificate authentication was requested.";;
"thread 0x9090EFA";"";"63785022526519";"TLSCOMMUNICTAION";"No suitable client certificate is available.";;
"thread 0x9090EFA";"";"63785022526539";"TLSCOMMUNICTAION";"HandshakeMessage:Certificate was sent.";;
"thread 0x9090EFA";"";"63785022526574";"TLSCOMMUNICTAION";"HandshakeMessage:ClientKeyExchange was sent.";;
"thread 0x9090EFA";"";"63785022526628";"TLSCOMMUNICTAION";"CipherSpec:ChangeCipherSpec was sent.";;
"thread 0x9090EFA";"";"63785022526636";"TLSCOMMUNICTAION";"HandshakeMessage:Finished was sent.";;
"thread 0x9090EFA";"";"63785022526675";"TLSCOMMUNICTAION";"CipherSpec:ChangeCipherSpec was received.";;
"thread 0x9090EFA";"";"63785022526691";"TLSCOMMUNICTAION";"HandshakeMessage:Finished was received.";;
M2M.MqttClient.ReceiveThread 0x9C204F2";"";"63785022527503";"MQTTCOMMUNICATION";"RECV CONNACK(returnCode:0)";;
M2MFacade.ConnectThread 0x6B2194A";"";"63785022528077";"MQTTCOMMUNICATION";"enqueued PUBLISH(messageId:1,topic:devices/test/messages/events/ONLINE,message:6F6E6C696E65)";;
M2M.MqttClient.ProcessInflightThread 0x7A40972";"";"63785022528085";"MQTTCOMMUNICATION";"SEND PUBLISH(messageId:1,topic:devices/test/messages/events/ONLINE,message:6F6E6C696E65)";;
M2M.MqttClient.ProcessInflightThread 0x7A40972";"";"63785022528092";"MQTTCOMMUNICATION";"processed PUBLISH(messageId:1,topic:devices/test/messages/events/ONLINE,message:6F6E6C696E65)";;
M2M.MqttClient.ReceiveThread 0x9C204F2";"";"63785022528108";"TLSCOMMUNICTAION";"TLS socket was closed, 0 bytes of data were received.";;
M2M.MqttClient.DispatchEventThread 0x86D0806";"";"63785022528594";"TLS_COMMUNICTAION";"Closing TLS socket.";;

The generale framework works fine and connection to a mosquitto broker with TLS also works stabel.

Did anyone already tried to connect to azure with the Rebex TLS library using SAS Token?

Thanks!

André

Applies to: Rebex TLS

1 Answer

0 votes
by (150k points)
I can't find any issues in our database related to Azure IoT Hub, with or without SAS Token. But we have not tried this ourselves either. However, from the log, TLS negotiation was apparently successful, and the TLS socket was able to send and receive data. This suggests that the issue is unlikely to be at the TLS transport level. Does this work if you run the code on .NET Framework instead of .NET Compact Framework?
by (120 points)
Hello,

thank's for your support!

We found the root cause for this issue.

Azure closes instantly the MQTT connection if any topic is received which does not follow their pre-defined prefixes.
We did not change the topic path for all topics during the test and this caused the unexpected closing of the socket.

After changing of all topic path the MQTT connection via TLS works stabel.
...