MKR ZERO Ethernet MQTT with TLS / SSL ? Error

Hello all,
I'm using an Arduino ZERO + MKR Eth Shield.

I can connect and post to a MQTT server but now I would like to connect to a MQTT server (CloudMqtt) that accept :

SSL Port

Or Websockets Port (TLS only)

And I fail on that error :

2020-04-07 10:24:39: Socket error on client <unknown>, disconnecting.
2020-04-07 10:24:39: New connection from 109.89.27.173 on port 23932.
2020-04-07 10:24:44: OpenSSL Error: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure

I get a lot of information from here : Arduino MKR 10xx, ETH Shield and Amazon Web Services: Safe MQTT with SSL and Certificate

But I don't want to user a certificat to connect but just user password

On my computer with MQTT SPy I just select theses option :
m23.cloudmqtt.com:33932 Websocket, TLSv1.2

  • I check user authentication and I put user/pass
    No need of certificate.

Here is what I try on the arduino :

Could you please help me ? Any Idea ?

#include <ArduinoBearSSL.h>
#include <ArduinoMqttClient.h>
#include <SPI.h>
#include <Ethernet.h>
#include <EthernetUdp.h>

const char broker[]      = "m23.cloudmqtt.com";
#define mqttport 33932 //13932
#define AUTHTOKEN "XXXXXXX" //my password
#define AUTHMETHOD "XXXXXXX" // My user

// Enter a MAC address for your controller below.
// Newer Ethernet shields have a MAC address printed on a sticker on the shield
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };


// time service
unsigned int localPort = 8888;       // local port to listen for UDP packets
const char timeServer[] = "time.nist.gov"; // time.nist.gov NTP server
const int NTP_PACKET_SIZE = 48; // NTP time stamp is in the first 48 bytes of the message
byte packetBuffer[NTP_PACKET_SIZE]; //buffer to hold incoming and outgoing packets
// A UDP instance to let us send and receive packets over UDP
EthernetUDP Udp;


// Initialize the Ethernet client library
// with the IP address and port of the server
// that you want to connect to (port 80 is default for HTTP):


EthernetClient client;
BearSSLClient sslClient(client); // Used for SSL/TLS connection, integrates with ECC508
MqttClient    mqttClient(sslClient);


unsigned long lastMillis = 0;



void setup() {
  delay(5000);
  Serial.println("End delay 5000");



  
  pinMode(4, OUTPUT);
  digitalWrite(4, HIGH);
  
  Ethernet.init(5);   // MKR ETH shield

  Serial.begin(115200);
  while (!Serial);
    
  // start Ethernet and UDP
  if (Ethernet.begin(mac) == 0) {
    Serial.println("Failed to configure Ethernet using DHCP");
    // Check for Ethernet hardware present
    if (Ethernet.hardwareStatus() == EthernetNoHardware) {
      Serial.println("Ethernet shield was not found.  Sorry, can't run without hardware. :(");
    } else if (Ethernet.linkStatus() == LinkOFF) {
      Serial.println("Ethernet cable is not connected.");
    }
    // no point in carrying on, so do nothing forevermore:
    while (true) {
      delay(1);
    }
  }

  
  Serial.print("L'adresse IP du shield Ethernet est :" );
  Serial.println(Ethernet.localIP());

  Udp.begin(localPort);  

  getTime();
  // Set a callback to get the current time
  // used to validate the servers certificate
  //ArduinoBearSSL.onGetTime(getTime);


    Serial.println("\nStarting connection to server...");
  // if you get a connection, report back via serial:
  //if (sslClient.connect("m23.cloudmqtt.com", 33932))
  {
    Serial.println("connected to cloudmqtt");
    mqttClient.setId("clientId");
    mqttClient.setUsernamePassword(AUTHMETHOD,AUTHTOKEN); //user pass
    mqttClient.onMessage(onMessageReceived);
    Serial.println("test con sslclient");

////////////////////////// The programe loop Here beacause doesn't manage to connect
    while (!mqttClient.connect(broker, 23932)) {
    // failed, retry
     Serial.print(".");
    delay(5000);
  }
  Serial.println();

  Serial.println("You're connected to the MQTT broker");

 }



void loop() {

  if (!mqttClient.connected()) {
    // MQTT client is disconnected, connect
    connectMQTT();
  }

  // poll for new MQTT messages and send keep alives
  mqttClient.poll();


  // publish a message roughly every 5 seconds.
  if (millis() - lastMillis > 5000) {
    lastMillis = millis();

    publishMessage();
  }
}



unsigned long getTime() {
  sendNTPpacket(timeServer); // send an NTP packet to a time server
  unsigned long epoch = 0UL;

  // wait to see if a reply is available
  delay(1000);
  if (Udp.parsePacket()) {
    // We've received a packet, read the data from it
    Udp.read(packetBuffer, NTP_PACKET_SIZE); // read the packet into the buffer

    // the timestamp starts at byte 40 of the received packet and is four bytes,
    // or two words, long. First, extract the two words:

    unsigned long highWord = word(packetBuffer[40], packetBuffer[41]);
    unsigned long lowWord = word(packetBuffer[42], packetBuffer[43]);
    // combine the four bytes (two words) into a long integer
    // this is NTP time (seconds since Jan 1 1900):
    unsigned long secsSince1900 = highWord << 16 | lowWord;
    Serial.print("Seconds since Jan 1 1900 = ");
    Serial.println(secsSince1900);

    // now convert NTP time into everyday time:
    Serial.print("Unix time = ");
    // Unix time starts on Jan 1 1970. In seconds, that's 2208988800:
    const unsigned long seventyYears = 2208988800UL;
    // subtract seventy years:
    epoch = secsSince1900 - seventyYears;
    Serial.println(epoch);    
  }
  return epoch;
}

// send an NTP request to the time server at the given address
void sendNTPpacket(const char * address) {
  // set all bytes in the buffer to 0
  memset(packetBuffer, 0, NTP_PACKET_SIZE);
  // Initialize values needed to form NTP request
  // (see URL above for details on the packets)
  packetBuffer[0] = 0b11100011;   // LI, Version, Mode
  packetBuffer[1] = 0;     // Stratum, or type of clock
  packetBuffer[2] = 6;     // Polling Interval
  packetBuffer[3] = 0xEC;  // Peer Clock Precision
  // 8 bytes of zero for Root Delay & Root Dispersion
  packetBuffer[12]  = 49;
  packetBuffer[13]  = 0x4E;
  packetBuffer[14]  = 49;
  packetBuffer[15]  = 52;

  // all NTP fields have been given values, now
  // you can send a packet requesting a timestamp:
  Udp.beginPacket(address, 123); // NTP requests are to port 123
  Udp.write(packetBuffer, NTP_PACKET_SIZE);
  Udp.endPacket();
}

void connectMQTT() {
  Serial.print("Attempting to MQTT broker: ");
  Serial.print(broker);
  Serial.println(" ");

  while (!mqttClient.connect(broker, mqttport)) {
    // failed, retry
     Serial.print(".");
    delay(5000);
  }
  Serial.println();

  Serial.println("You're connected to the MQTT broker");
  Serial.println();

  // subscribe to a topic
  mqttClient.subscribe("arduino/incoming");
}

void publishMessage() {
  Serial.println("Publishing message");

  // send message, the Print interface can be used to set the message contents
  mqttClient.beginMessage("arduino/outgoing");
  mqttClient.print("{\n\"message\": \"hello\",\n\"testdata\": ");
  mqttClient.print(millis());
  mqttClient.print("\n}");
  mqttClient.endMessage();
}

void onMessageReceived(int messageSize) {
  // we received a message, print out the topic and contents
  Serial.print("Received a message with topic '");
  Serial.print(mqttClient.messageTopic());
  Serial.print("', length ");
  Serial.print(messageSize);
  Serial.println(" bytes:");

  // use the Stream interface to print the contents
  while (mqttClient.available()) {
    Serial.print((char)mqttClient.read());
  }
  Serial.println();
  Serial.println();
}

On my computer with MQTT SPy I just select theses option :
m23.cloudmqtt.com:33932 Websocket, TLSv1.2

Don't use the Websocket option, simply use MQTT over SSL/TLS. Websockets are to be used in a web application (Javascript).