9 Replies Latest reply on Mar 3, 2016 7:07 AM by jplegoal

    IoT SDK MQTT SSL problem

    lbabaly

      Hi Everybody,

       

      I have just joined and started playing with Intel Edison and AWS IoT SDK.

      The last steps in the tutorial should make a secured MQTT connection to AWS IoT service but the openSSL refuses the connection with an SSL3 error.

      When I installed the latest firmware I got the following warning:


      InsecurePlatformWarning: A true SSLContext object is not available.

      This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail.

      For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

       

      Checking the link above:


      Certain Python platforms (specifically, versions of Python earlier than 2.7.9) have restrictions in their ssl module that limit the configuration that urllib3 can apply. In particular, this can cause HTTPS requests that would succeed on more featureful platforms to fail, and can cause certain security features to be unavailable.

      If you encounter this warning, it is strongly recommended you upgrade to a newer Python version, or that you use pyOpenSSL as described in the OpenSSL / PyOpenSSL section.

       

      and I also found this in the Yocto project manual:

      5.7.4. SSL 3.0 is Now Disabled in OpenSSL

       

      SSL 3.0 is now disabled when building OpenSSL. Disabling SSL 3.0 avoids any lingering instances of the POODLE vulnerability. If you feel you must re-enable SSL 3.0, then you can add an append file (*.bbappend) for the openssl recipe to remove "-no-ssl3" from EXTRA_OECONF.

       

      I think this causes my problem. Is there anybody who can provide me an updated image with SSL3 support for Edison?