TLS issues with mosquitto-1.6.4

I recently (2 days ago) upgraded from mosquitto upgraded: 1.5.8 -> 1.6.4

No configuration changes were made after the upgrade. Both mosquitto and mqttwarn run on the same FreeBSD jail. There was a reboot of the host after the upgrade. There was no mqtt issue then. Which makes the following all the more surprising.

I have confirmed the mosquitto cert is not expired: Not After : Dec 22 02:19:10 2019 GMT

$ openssl version
OpenSSL 1.1.1a-freebsd  20 Nov 2018

Today, mqttwarn refuses to connect to mosquitto:

ERROR [mqttwarn] Cannot connect to MQTT broker at mqtt01.example.org:8883: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727)

I also tried sslv3, just in case, but that is not any fun either:

[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure

Any ideas? Are you on Mosquitto 1.6.4

Oh oh, it looks like Moquitto dropped support for tlsv1 in release 1.6 : https://mosquitto.org/blog/2019/04/version-1-6-released/

That seems to be supported by these /var/log/messages entries:

Oct 17 20:01:17 mqtt01 mosquitto[74183]: OpenSSL Error: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
Oct 17 20:01:17 mqtt01 mosquitto[74183]: Socket error on client <unknown>, disconnecting.