The error you're encountering (tlsv1 alert internal error) typically indicates a problem with the TLS handshake between the client and the broker. First, ensure that both the broker and client are properly configured for TLS 1.2, as you're already specifying with tls_version tlsv1.2 and mosquitto_tls_opts_set(mqtt, 1, "tlsv1.2", NULL). Double-check the paths to your certificates (server.crt, server.key, ca.crt) and ensure they are correct and accessible by both the client and broker. The broker is set to require client certificates (require_certificate true), so make sure the client is presenting a valid certificate. Permissions on the certificate files should also be correct, as improper file access can cause issues. To help debug, increase the logging verbosity on the broker to gather more detailed error messages and consider testing the connection with OpenSSL's s_client to further investigate the SSL/TLS handshake. If there is still a problem, verify that your OpenSSL versions on both the client and broker support TLS 1.2 and that the cipher suites are compatible.