stackoom
  简体   繁体   中英

Mosquitto broker with SSL encryption for bridge connection

 原文  2021-03-25 23:13:54       ssl/ mqtt/ mosquitto/ broker/ bridging

Question

Let me first explain what I am trying to achieve first and then I'll get into the details of the things I have tried already.

So, we have a VM that is on our premise and another VM that is on a customer's premise. The access to these VMs are only available to certain IP addresses. So, we could say that they are secure enough for our use-case.

Data from customer's environment flows through and into our VM through a mosquitto broker that is set-up on both these environments. This is done with the help of broker bridging that works fine. However, since this bridge is over the internet, we want to ensure that the data is encrypted and that no-one could intercept this over the internet and use this data in a malicious manner.

To achieve this we are making the use of SSL broker encryption. The first method I tried is to use PKS encryption method.

Here is the broker config at the customer environment.

listener 8883
connection bridgetest
address 147.1.20.1:8883
bridge_identity bridge1
bridge_psk 123456789
topic # both

And here is the broker config at our environment.

listener 8883 
psk_hint SAAS Deployments
psk_file c:\DemoCompany\psk_file.txt

The contents of the psk_file.txt are very simple and same as the bridge identity and the bridge_psk provided in the config of customer environment.

The problem I am facing here is that even though I change the bridge_identity or the bridge_psk at customer's environment to something that is not in the psk_file.txt, I am still able to connect the 2 brokers over the bridge. My understanding of this was that if I change the bridge_psk to some random hex code, the connection should get rejected. But that doesn't seem to happen. Am I doing something wrong or missing something over here?

1 answers

solution1
 0 ACCPTED  2021-03-26 15:55:14

The following config files work for me with v2.0.9 builds shipped from the mosquitto PPA on Ubuntu

Client broker:

listener 1889

connection bridge
address 127.0.0.1:1890
bridge_identity bridge1
bridge_psk 123456789987654321
topic # both 0

Bridge broker

listener 1890
psk_hint my test bridge
psk_file /temp/psk/psk_file.txt
use_identity_as_username true

The use_identity_as_username is required as from Mosquitto v2 onward allow_anonymous defaults to false

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Secured SSL connection with Mosquitto Broker Error SSL/TLS connection in MQTT with mosquitto broker SSL connection from Java client (Eclipse Paho) to mosquitto broker: “unknown_ca” mosquitto-clients and broker running on SSL mosquitto MQTT broker and Java client with SSL / TLS SSL error when connecting to a mosquitto broker from another machine ssl3 alert certificate unknown on Android studio to mosquitto broker Issues connecting to mosquitto broker with node mqtt client via SSL/TLS ngx-mqtt connect via webapp to SSL/TLS mosquitto broker SSL connection encryption negotiation
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM