I am new at MQTT and HiveMQ.
Currently, I want to get familiar with this technology. First steps with NodeJS and the public broker were straightforward. I also was able to use Postman to publish/subscribe messages. The HiveMQ blog posts helped a lot.
But then I want to use the free cluster. Adapting the NodeJS example was a trial and error mission but at the end it worked. Suggestion for improvement: /blog/ultimate-guide-on-how-to-use-mqtt-with-node-js/ should also mention how to use the cluster. After searching the web and trying, I found out that I have to use tls:// instead of mqtt://.
But now I am coming to my issue.
I am not able to use Postman to communicate with the HiveMQ free cluster.
What I did in Postman:
- Using mqtts://:.s1.eu.hivemq.cloud:8883 for connecting to
- Set basic authentication with the same credentials as for my working NodeJS example
- Enabled “Enable server certificate verification”
When I hit connect I am getting the following:
```
Couldn't connect to broker
0x87 - Not authorized
```
In detail:
```
CONNACK
cmd: "connack"
length: 67
sessionPresent: false
reasonCode: 135
properties
  reasonString: "Please check the URL and if your MQTT client supports TLS SNI"
```
I searched for this topic also and found:
github.com/postmanlabs/postman-app-support
### Is there an existing issue for this?
- [X] I have searched the tracker for existing similar issues and I know that duplicates will be closed
### Describe the Issue
Describe the bug
I'm attempting to connect to an MQTT service that requires setting SNI when connecting over the TLS protocol, for example, mqtts://localhost:7883. Upon capturing packets with Wireshark, I discovered that Postman does not provide SNI by default. The MQTT server expects the following, with server_name TLS ClientHello extension set to localhost.
```
Frame 994: 573 bytes on wire (4584 bits), 573 bytes captured (4584 bits) on interface lo0, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 56889, Dst Port: 7883, Seq: 1, Ack: 1, Len: 517
Transport Layer Security
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 512
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 508
Version: TLS 1.2 (0x0303)
Random: 910acfe4d9aa4bf610aba17bbfbed5f53991d2061ff5b2551b11c430854c61d4
Session ID Length: 32
Session ID: 84defa324f751335a817aa6960d889680e4d0453e1b708ec907ad8c59d807183
Cipher Suites Length: 36
Cipher Suites (18 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 399
Extension: server_name (len=14) name=localhost
Type: server_name (0)
Length: 14
Server Name Indication extension
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Extension: supported_groups (len=8)
Type: supported_groups (10)
Length: 8
Supported Groups List Length: 6
Supported Groups (3 groups)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Session Ticket: <MISSING>
Extension: application_layer_protocol_negotiation (len=12)
Type: application_layer_protocol_negotiation (16)
Length: 12
ALPN Extension Length: 10
ALPN Protocol
.....
```
however received the following instead
```
Frame 2164: 290 bytes on wire (2320 bits), 290 bytes captured (2320 bits) on interface lo0, id 0
Null/Loopback
Internet Protocol Version 4, Src: 127.0.0.1, Dst: 127.0.0.1
Transmission Control Protocol, Src Port: 65269, Dst Port: 7883, Seq: 1, Ack: 1, Len: 234
Transport Layer Security
TLSv1.3 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 229
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 225
Version: TLS 1.2 (0x0303)
Random: dbd3d941376acef36da9e587789d384607ec5e2bfc497fe32c953ec35986fbee
Session ID Length: 32
Session ID: bf0e937b8d3f360599e365f0666791a389f6fc5587f5a6e1b83482d2cdf71883
Cipher Suites Length: 36
Cipher Suites (18 suites)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 116
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Extension: supported_groups (len=8)
Type: supported_groups (10)
Length: 8
Supported Groups List Length: 6
Supported Groups (3 groups)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
Extension: session_ticket (len=0)
Type: session_ticket (35)
Length: 0
Session Ticket: <MISSING>
.....
```
### Steps To Reproduce
1. Download postman for mac
2. Connect to mqtt over using `mqtts` for example `mqtts://localhost:7883`
### Screenshots or Videos
No video
### Operating System
macOS
### Postman Version
10.24.18
### Postman Platform
Postman App
### User Account Type
Signed In User
### Additional Context?
No additional context
Postman Now Supports MQTT | Postman Blog
(search for SNI)
So is this a Postman issue?
Here also the suggestion for improvement: blog/exploring-postman-mqtt-integration-with-hivemq/ should also explain how to use the broker with TLS.
Thanks for your support
Hello @blub

To establish a TLS connection to the HiveMQ Cloud (Serverless), you must ensure that your device/client supports and uses the TLS protocol extension called “SNI” (Server Name Indication). This TLS extension provides the server’s hostname in the “Client Hello” TLS packet.
I have performed some tests with my Serverless broker and I see the same issue you described. While trying with Starter broker where SNI is not required I was able to connect without any issue.
It’s a Postman MQTT client implementation issue. I’m using the latest Postman version 11.7.0.
Kind regards,
Diego from HiveMQ Team
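
The two captures quoted in the question differ in the `server_name` extension (type 0) of the ClientHello, which is the field the Serverless broker requires. As an added example (not code from this thread, Postman or HiveMQ), the Node.js code below parses a raw ClientHello record and returns the SNI host name or `null` when it is missing; `buildClientHello` and `extractSni` are hypothetical names and all sample bytes are constructed.

```javascript
// Added example: all bytes below are constructed, not taken from the captures in the thread.
const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);

// Build a minimal TLS ClientHello record; hostname === null omits server_name.
function buildClientHello(hostname) {
  const exts = [];
  if (hostname !== null) {
    const name = Buffer.from(hostname, 'ascii');
    const entry = Buffer.concat([Buffer.from([0]), u16(name.length), name]); // name_type 0 = host_name
    const list = Buffer.concat([u16(entry.length), entry]);
    exts.push(Buffer.concat([u16(0), u16(list.length), list])); // extension type 0 = server_name
  }
  exts.push(Buffer.concat([u16(23), u16(0)])); // extended_master_secret (empty)
  const extBlock = Buffer.concat(exts);
  const hello = Buffer.concat([
    u16(0x0303), Buffer.alloc(32, 0xab), // legacy version, constructed random
    Buffer.from([0]),                    // empty session id
    u16(2), u16(0x1301),                 // one cipher suite
    Buffer.from([1, 0]),                 // one compression method: null
    u16(extBlock.length), extBlock,
  ]);
  const hs = Buffer.concat([Buffer.from([1, 0]), u16(hello.length), hello]); // type 1 + 24-bit length
  return Buffer.concat([Buffer.from([22]), u16(0x0301), u16(hs.length), hs]);
}

// Return the SNI host name in a ClientHello record, or null when the extension is absent.
// Out-of-range reads on a truncated record throw a RangeError.
function extractSni(record) {
  if (record.length < 44 || record[0] !== 22 || record[5] !== 1) {
    throw new Error('not a TLS ClientHello record');
  }
  let p = 5 + 4 + 2 + 32;                  // record header, handshake header, version, random
  p += 1 + record.readUInt8(p);            // session id
  p += 2 + record.readUInt16BE(p);         // cipher suites
  p += 1 + record.readUInt8(p);            // compression methods
  if (p + 2 > record.length) return null;  // no extensions block at all
  const end = p + 2 + record.readUInt16BE(p);
  if (end > record.length) throw new Error('truncated extensions block');
  p += 2;
  while (p + 4 <= end) {
    const type = record.readUInt16BE(p);
    const len = record.readUInt16BE(p + 2);
    if (type === 0 && len >= 5) {          // server_name: list_len(2) name_type(1) name_len(2) name
      const nameLen = record.readUInt16BE(p + 7);
      return record.toString('ascii', p + 9, p + 9 + nameLen);
    }
    p += 4 + len;
  }
  return null;
}
```

For `localhost` the extension body is 14 bytes (2 + 1 + 2 + 9), matching the `server_name (len=14)` line in the first capture.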