What about a secure mqtt client

Posted on
  • Is there already the possibility to do secure mqtt connection? Have a Pico with a wiz module for Ethernet on my desk and would like to use mqtt secure with providing CA as pem like possible as command like this:

    mosquitto_sub -h  host -p 8883 -t topic --cafile /path/to/a/file

    Any hints or howto?

  • Yes, I think you can do it fine on the Pico as you have TLS there? it's literally just MQTT but over TLS


    Not tried recently, but this should work:

    var options = url.parse("localhost:1234");
    options.key = atob("MIIJKQ ... OZs08C");
    options.cert = atob("MIIFi ... Uf93rN+");
    options.ca = atob("MIIFgDCC ... GosQML4sc=");
      var mqttoptions = { // ALL OPTIONAL - the defaults are below
        client_id : "random",   // the client ID sent to MQTT - it's a good idea to define your own static one based on `getSerial()`
        keep_alive: 60,         // keep alive time in seconds
        clean_session: true,
        username: "username",   // default is undefined
        password: "password",   // default is undefined
        protocol_name: "MQTT",  // or MQIsdp, etc..
        protocol_level: 4,      // protocol level
    var mqtt = require("MQTT").create(null, mqttoptions);
    require("tls").connect(options, function(client) {
    } );

    certs can now be in storage too.

    If this works please can you let me know? It'd be nice to add to the MQTT page

  • Thanks for sharing, will definitly give it a try.

  • ok, back with some update: The test was to connect to test.mosquitto.org and it did not work beause this site does not support TLS 1.0 which can be checked with nmap --script ssl-enum-ciphers -p 8883 test.mosquitto.org, same result for broker.emqx.io.

    Does anyone know a public mqtt test broker that still support TLS 1.0?

    Edit: broker.hivemq.com still supports TLS 1.0

  • I wasn't aware of this being an issue - do you think upgrading mbedtls would help with this?

  • do you think upgrading mbedtls would help with this?

    yes, definitely

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview

What about a secure mqtt client

Posted by Avatar for MaBe @MaBe