MQTT with TLS Mosquitto config

TommoT1
Normal user
Posts: 39
Joined: 17 Aug 2018, 11:46

MQTT with TLS Mosquitto config

#1 Post by TommoT1 » 13 Nov 2024, 11:14

Hi there!
Since it is now possible to use TLS with the MQTT Controller (I know, just encrypted traffic, nothing else for now),
I enabled "TLS" in the controller settings.
Now I'm trying to configure my mosquitto so that it accepts this encrypted traffic, but I can't get it to work.
I tried the following config:

listener 8883 192.168.12.2
tls_version tlsv1.1 tlsv.1.2 tlsv.1.3
require_certificate false
allow_anonymous false
acl_file /etc/mosquitto/AccessControlFile.txt
password_file /etc/mosquitto/Passwords.txt

But the node gets no connection to the broker.
Any hints?

Ath
Normal user
Posts: 4007
Joined: 10 Jun 2018, 12:06
Location: NL

Re: MQTT with TLS Mosquitto config

#2 Post by Ath » 13 Nov 2024, 13:00

Your list of TLS Versions seems to have some typos: https://mosquitto.org/man/mosquitto-conf-5.html
Not sure if it matters, but most likely it does...
/Ton

TommoT1
Normal user
Posts: 39
Joined: 17 Aug 2018, 11:46

Re: MQTT with TLS Mosquitto config

#3 Post by TommoT1 » 13 Nov 2024, 17:31

Thanks Ton!
Didn't see that, but still no help...
I added a CA certificate, a server certificate and a keyfile, although ESPeasy can't handle it anyway at the moment, but now I can connect from my mobile to the broker with TLS; connections from the ESPeasy node still don't work. Mosquitto reports:

1731516615: New connection from 192.168.12.148 on port 8883.
1731516616: Socket error on client <unknown>, disconnecting.

ESPeasy log just says:

765860: MQTT : Broker C005 connection failed (37/0)
765861: MQTT : TLS error code: 27

TD-er
Core team member
Posts: 9360
Joined: 01 Sep 2017, 22:13
Location: the Netherlands
Contact:

Re: MQTT with TLS Mosquitto config

#4 Post by TD-er » 13 Nov 2024, 17:51

This is what I have in my /etc/mosquitto/conf.d/default.conf

allow_anonymous true
password_file /etc/mosquitto/passwd

listener 1883 

listener 8883
certfile /etc/mosquitto/certs/server.crt
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate false

TommoT1
Normal user
Posts: 39
Joined: 17 Aug 2018, 11:46

Re: MQTT with TLS Mosquitto config

#5 Post by TommoT1 » 13 Nov 2024, 18:11

Yes, now mine looks the same but no connection from the node to the broker :|

TD-er
Core team member
Posts: 9360
Joined: 01 Sep 2017, 22:13
Location: the Netherlands
Contact:

Re: MQTT with TLS Mosquitto config

#6 Post by TD-er » 13 Nov 2024, 21:24

How do you connect?
Using IP or hostname?

I think (expect) you can't use IP-based connection when using SSL/TLS, as a certificate can only be on a domainname.

Also, I was not able to use email with GMail using TLS, but only using SSL.
So maybe this is also a problem here?
We're using a stripped-down version of BearSSL, not MBed-TLS, as the library to make a secure connection.
Maybe that's also a limiting factor here?
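To narrow down where a setup like the ones in posts #1, #4 and #6 breaks, here is a small pre-flight script, added as an example for this thread (it is not ESPEasy or Mosquitto code). It does two things: lint_mosquitto_conf() reads a mosquitto.conf text and flags the mistakes discussed above (a tls_version line with several or misspelled values, a listener on 8883 without certfile/keyfile, allow_anonymous true), and probe_tls() performs a real TLS handshake with Python's ssl module against a reachable broker and reports the negotiated protocol plus whether the certificate's subjectAltName actually covers the name or IP the client dials. The two config samples in the block are constructed from the configs in posts #1 and #4; any broker hostname you pass to probe_tls() is your own.

```python
import ipaddress
import socket
import ssl

# mosquitto's tls_version option takes exactly one of these values.
VALID_TLS_VERSIONS = {"tlsv1.3", "tlsv1.2", "tlsv1.1"}
LISTENER_TLS_KEYS = {"cafile", "certfile", "keyfile"}

# Constructed from the configs posted in #1 and #4 of this thread.
POST1_CONF = """\
listener 8883 192.168.12.2
tls_version tlsv1.1 tlsv.1.2 tlsv.1.3
require_certificate false
allow_anonymous false
"""
POST4_CONF = """\
allow_anonymous true
listener 1883
listener 8883
certfile /etc/mosquitto/certs/server.crt
cafile /etc/mosquitto/ca_certificates/ca.crt
keyfile /etc/mosquitto/certs/server.key
"""


def lint_mosquitto_conf(text):
    """Return [(line_no, message)] for the mistakes discussed in the thread."""
    findings, listener, seen = [], None, set()   # listener = (port, line_no)

    def close_listener():
        if listener is None:
            return
        port, lno = listener
        present = LISTENER_TLS_KEYS & seen
        if present and present != LISTENER_TLS_KEYS:
            findings.append((lno, f"listener {port}: missing {sorted(LISTENER_TLS_KEYS - present)}"))
        elif port == 8883 and not present:
            findings.append((lno, f"listener {port}: no certfile/keyfile, TLS clients cannot connect"))

    for lno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        key, *values = line.split()
        if key == "listener":
            close_listener()                         # finish the previous listener block
            port = int(values[0]) if values and values[0].isdigit() else None
            listener, seen = (port, lno), set()
            continue
        if listener is not None:
            seen.add(key)
        if key == "tls_version":
            if len(values) != 1:
                findings.append((lno, "tls_version takes exactly one value"))
            findings += [(lno, f"tls_version: unknown value {v!r}") for v in values if v not in VALID_TLS_VERSIONS]
        elif key == "allow_anonymous" and values and values[0].lower() == "true":
            findings.append((lno, "allow_anonymous true: clients may connect without credentials"))
    close_listener()
    return findings


def name_covered(host, sans):
    """True if host (DNS name or IP literal) matches a subjectAltName entry.
    An IP literal only matches an 'IP Address' entry, never a DNS entry.
    DNS names are compared exactly (wildcard entries are not expanded here)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        host = host.lower().rstrip(".")
        return any(t == "DNS" and v.lower().rstrip(".") == host for t, v in sans)
    for t, v in sans:
        try:
            if t == "IP Address" and ipaddress.ip_address(v) == ip:
                return True
        except ValueError:              # malformed entry in the cert, ignore it
            pass
    return False


def probe_tls(host, port=8883, cafile=None, timeout=10.0):
    """Handshake with a broker; report protocol, SAN list and whether `host` is covered.
    Chain verification against cafile stays on; the name check is done by name_covered()
    so the certificate can still be inspected on a mismatch. Needs a reachable broker."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert, protocol = tls.getpeercert(), tls.version()
    except ssl.SSLCertVerificationError as e:
        return {"ok": False, "error": f"chain not trusted: {e.verify_message}"}
    except (OSError, ssl.SSLError) as e:
        return {"ok": False, "error": str(e)}
    sans = list(cert.get("subjectAltName", ()))
    return {"ok": True, "protocol": protocol, "subjectAltName": sans,
            "name_covered": name_covered(host, sans)}
```

Running lint_mosquitto_conf(POST1_CONF) reports the three-value tls_version line, the two misspelled values and the missing certfile/keyfile on the 8883 listener; POST4_CONF only gets a note about allow_anonymous true, which is worth keeping in mind since it applies to the plain 1883 listener as well. For the IP-versus-hostname question in post #6: an X.509 certificate can carry an IP Address entry in its subjectAltName, so connecting by IP is possible when the server certificate was issued with that entry; a certificate issued only for a DNS name will not validate against the IP, which is what name_covered() makes visible in probe_tls()'s output.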

paddlingcook
New user
Posts: 1
Joined: 15 Nov 2024, 05:51

Re: MQTT with TLS Mosquitto config

#7 Post by paddlingcook » 15 Nov 2024, 06:02

I'm also having the same problem as yours. I tried all the ways listed here but they don't work :(

TD-er
Core team member
Posts: 9360
Joined: 01 Sep 2017, 22:13
Location: the Netherlands
Contact:

Re: MQTT with TLS Mosquitto config

#8 Post by TD-er » 15 Nov 2024, 08:32

Here is a test broker, where you can test a number of configurations.
https://test.mosquitto.org/

Please let me know if any of these 'encrypted' ports do or do not work.
N.B. you may need to set the timeout to a larger value as it is an online server.
Also do not subscribe to "#" as it is probably getting a lot of traffic which the ESP might not be able to handle.
