[Transmission] Connect to IoT Core => Received fatal alert: protocol_version

Hi,

I'm trying to connect Transmission 5.0.1 to AWS IoT Core.

I receive this error:

org.eclipse.paho.client.mqttv3.MqttException: MqttException
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:738)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:159)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:724)

I’ve added wrapper.java.additional.100=-Djdk.tls.client.protocols=TLSv1.2,TLSv1.3 to ignition.conf, restarted the gateway, and tried IoTSecurityPolicy_TLS13_1_2_2022_10 and other options in the domain configuration, with no success.

Any idea?

BR

Additional info from the CLI:

$ aws iot describe-domain-configuration --domain-configuration-name "iot:Data-ATS"
{
    "domainConfigurationName": "iot:Data-ATS",
    "domainConfigurationArn": "arn:aws:iot:us-west-1:CLIENTID:domainconfiguration/iot:Data-ATS",
    "domainName": "BLAHBLAHBLAH-ats.iot.us-west-1.amazonaws.com",
    "serverCertificates": [],
    "domainConfigurationStatus": "ENABLED",
    "serviceType": "DATA",
    "domainType": "ENDPOINT",
    "lastStatusChangeDate": "2025-12-15T20:00:30.662000+00:00",
    "tlsConfig": {
        "securityPolicy": "IoTSecurityPolicy_TLS13_1_2_2022_10"
    },
    "authenticationType": "DEFAULT",
    "applicationProtocol": "DEFAULT"
}

It appears there is an issue with TLS 1.3 on our side. I’m creating a ticket to look into this on our side.

For the time being, I think you may be able to work around this by using TLS 1.2 on the AWS IoT Core side. We could not repro with this:
"tlsConfig": { "securityPolicy": "IoTSecurityPolicy_TLS12_1_0_2015_01" },

I’ll provide an update on TLS 1.3 support when I have it.

Good catch.

Thank you @wes.johnson

This has been fixed in the Cirrus Link modules nightly build. They did not previously support TLS 1.3. They do now in the nightly builds and will in the next official releases.
