nodeMCU TLS certificate error

Posted 2019-08-02 14:00

Question:

I am building a really simple IoT project, and I am stuck on a nodeMCU TLS problem. I have an MQTT broker on my Raspberry Pi, all certificates are correctly inserted (everything works fine with the Paho client on the same Raspberry or with the MQTT.fx client on a remote PC), but when I try to connect from my ESP8266 with nodeMCU I am getting an SSL handshake error (yes, I am using the same cert file for all mentioned clients). My ESP8266 code looks like this:

    -- Pin the broker's CA for server certificate verification
    -- (the PEM body is omitted in the post)
    tls.cert.verify([[
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    ]])

    -- host, port, secure=1 (TLS), connect callback, error callback
    m:connect(config.HOST, 8883, 1, function(con)
        print("Connected to MQTT broker")
        register_myself()
        -- And then pings each 1000 milliseconds
        tmr.stop(6)
        tmr.alarm(6, 1000, 1, send_ping)
    end, handle_mqtt_error)

I am getting error code -5 (mqtt.CONN_FAIL_SERVER_NOT_FOUND) from m:connect, but when I analyze the packets using Wireshark the TLS handshake looks like this:

  • Client Hello
  • Server Hello
  • Certificate, Server Hello Done
  • TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Unknown CA)

Also in the ESPlorer console there is this line: E:M 544. I don't really know what that means.

Answer 1:

In case someone encounters the same thing, my problem was actually caused by high memory usage in other parts of my project. I used AES for encryption on the application layer; without it everything works great.
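
Since the fix above came down to heap pressure, an added example (not code from the original post) shows how to make that visible on the device: log free heap around the TLS connect, load the CA from the file system instead of a large string literal in the Lua chunk, and print the reason code and remaining heap when the connect fails. It uses NodeMCU's `node`, `file`, `tls` and `mqtt` modules. Assumptions: the broker CA is uploaded to SPIFFS as `ca.pem` (file name chosen here), `config.HOST` is defined elsewhere as in the question, and the broker listens on 8883. The `E:M 544` line is NodeMCU reporting a failed heap allocation of that many bytes; that reading is mine, not stated on the page.

```lua
-- Added example, not from the original post.
-- Assumptions: "ca.pem" exists on SPIFFS, config.HOST is set elsewhere,
-- broker listens on 8883 with TLS.

local CA_FILE = "ca.pem"
local PORT = 8883

-- Log free heap with a label; the SSL buffers are allocated from this pool,
-- so a low figure right before connect() is the thing to look for.
local function log_heap(tag)
    print(string.format("[%s] heap=%d bytes", tag, node.heap()))
end

-- Load the CA certificate from the file system instead of embedding it
-- as a string literal, so the Lua chunk itself stays small.
local function install_ca()
    local pem = file.getcontents(CA_FILE)
    if not pem then
        print("CA file " .. CA_FILE .. " not found; refusing to connect")
        return false
    end
    tls.cert.verify(pem)   -- enable server certificate verification
    return true
end

local m = mqtt.Client("esp8266-" .. node.chipid(), 120)

m:on("offline", function(client)
    log_heap("offline")
end)

local function on_connect(client)
    log_heap("connected")
    print("Connected to MQTT broker")
    client:publish("devices/" .. node.chipid() .. "/status", "online", 0, 0)
end

local function on_error(client, reason)
    -- reason -5 is mqtt.CONN_FAIL_SERVER_NOT_FOUND, the code seen in the
    -- question; compare the heap printed here with the "before TLS" line.
    log_heap("connect failed reason=" .. tostring(reason))
end

log_heap("before TLS")
if install_ca() then
    -- secure=1 selects TLS; the handshake runs inside connect()
    m:connect(config.HOST, PORT, 1, on_connect, on_error)
end
```

Run this with the rest of the project loaded and again with the AES code left out; if the "before TLS" heap figure moves by a few kilobytes and the failure disappears, the Unknown CA alert and the -5 code were symptoms of memory exhaustion rather than of the certificate itself.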



Answer 2:

The ESP8266 is too slow to use certificates reliably. You should upgrade to the ESP32 or something with a little more support for it.

See section 3.2 of the PDF below, referencing SSL handshake failure for the ESP8266. This looks similar to your issue. You really have to get creative and lean to make it work reliably, which lowers the value of whatever you are making. So, it might not be worth the hassle.

https://www.espressif.com/sites/default/files/documentation/5a-esp8266_sdk_ssl_user_manual_en.pdf

Also, try TLS 1.1 to see what it does. It might not support TLS 1.2.