Azure Event Grid
An Azure event routing service designed for high availability, consistent performance, and dynamic scale.
424 questions
How to debug WolfSSL connection with Azure Event Grid
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 81%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOL%3C/text%3E%3C/svg%3E)
Olaf Leidinger
0
Reputation points
Dear all,
I'm having trouble to connect to Azure Event Grid using PahoMQTT/WolfSSL.
From what I can tell using WireShark, the connection fails during the TLS negotiation.
The same device, however, can connect without any problems to public MQTT brokers like test.mosquitto.orgusing client certificates.
The setup of the Event Grid appears to be okay as well, since I can connect using different clients and OpenSSL
openssl s_client -connect nameishidden.germanywestcentral-1.ts.eventgrid.azure.net:8883 -cert client.crt -key client.key
According to WireShark, the TLS connection fails during set-up. The device sends its HELO, but never receives any answer:
From what I can tell, the supported cipher suites appear to be okay:
I'd love to get my hands on server side TLS debug logs, but I don't see how this would be possible.
Is there any way to debug this further?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 40%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKA%3C/text%3E%3C/svg%3E)
Khadeer Ali 3,430 Reputation points Microsoft Vendor2025-02-14T13:01:52.4266667+00:00 Thanks for reaching out, If you're having trouble connecting WolfSSL with Azure Event Grid, here are a few things to check. First, make sure the client metadata is set up right in Azure Event Grid. The client identity needs to be properly registered for the connection to work.
Next, double-check your authentication credentials. The username in the client’s connection request should match the authentication name listed in the client metadata. If there's a mismatch, the connection won’t work.
If you're using a CA certificate for authentication, ensure it’s signed by a CA that Azure recognizes. For self-signed X.509 certificates, verify that the thumbprint in the client metadata matches the one in your certificate. This is a common issue that can block the connection.
Also, check your firewall settings. The secure MQTT protocol uses port 8883, so if that port is blocked, the connection won't go through.
Another thing to keep in mind is that each client connecting to Event Grid must have a unique Client ID. If two clients use the same ID, they could interfere with each other and cause connection issues.
Finally, review the connection limits for your Event Grid namespace. If you’ve reached the maximum number of allowed connections, new ones might be rejected. While server-side logs might not always be available, checking the client-side logs can give you insights into what’s going wrong, especially with TLS negotiation failures.
Going through these steps should help you identify the issue. Let me know if you need more help!
References:
Sign in to comment
Sign in to answer