MQTT GW on ESP8266 supporting SSL/TLS?



  • I have been using a couple of ESP8266 MySensors MQTT GW for years, connected to a public broker. Now unfortunately they will no longer support a simple connection to port 1883 but will require a secure connection using TLS.
    Question: Is there code available for the ESP8266 MQTT GW with support for SSL/TLS? How would you go about adding that support?

    Since I have three GW in different places I cannot deploy my own mosquitto broker on my HA installation.



  • @bgunnarb are you on the master or the development branch? In the development branch, TLS is implemented (check this out):

    /*
     * Modified by Eric Grammatico <eric@grammatico.me>
     *
     * Added support to secured connexion to mqtt server thanks to WiFiClientSecure class.
     * Please see comments in code. You can look for WiFiClientSecure, MY_GATEWAY_ESP8266_SECURE,
     * MY_MQTT_CA_CERT, MY_MQTT_FINGERPRINT and MY_MQTT_CLIENT_CERT in the code below to see what has
     * changed. No new method, no new class to be used by my_sensors.
     *
     * The following constants have to be defined from the gateway code:
     * MY_GATEWAY_ESP8266_SECURE    in place of MY_GATEWAY_ESP8266 to go to secure connexions.
     * MY_MQTT_CA_CERTx            Up to three root Certificates Authorities could be defined
     *                              to validate the mqtt server' certificate. The most secure.
     * MY_MQTT_FINGERPRINT           Alternatively, the mqtt server' certificate finger print
     *                              could be used. Less secure and less convenient as you'll
     *                              have to update the fingerprint each time the mqtt server'
     *                              certificate is updated
     *                              If neither MY_MQTT_CA_CERT1 nor MY_MQTT_FINGERPRINT are
     *                              defined, insecure connexion will be established. The mqtt
     *                              server' certificate will not be validated.
     * MY_MQTT_CLIENT_CERT           The mqtt server may require client certificate for
     * MY_MQTT_CLIENT_KEY            authentication.
     *
     */
    

    Regards, Edi
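
The header comment quoted above says that when neither MY_MQTT_CA_CERT1 nor MY_MQTT_FINGERPRINT is defined, the gateway still connects over TLS but does not validate the broker's certificate. The following is an added example, not part of the thread or of the MySensors code: a guard for the top of a gateway sketch that turns that silent fallback into a build error. The enum, the function name and the placeholder certificate value are assumptions for illustration; only the macro names come from the quoted comment.

```cpp
// Added example: build-time guard for the gateway sketch, placed before
// the MySensors include. Only the MY_* macro names come from the quoted
// comment; everything else here is hypothetical.

#define MY_GATEWAY_ESP8266_SECURE

// Placeholder value. The exact format the library expects for the CA
// certificate is not shown in the thread; substitute the broker's real
// root CA here.
#define MY_MQTT_CA_CERT1 "<root CA certificate of the broker>"

// Alternative described in the comment (less secure, must be updated
// whenever the broker's certificate changes):
// #define MY_MQTT_FINGERPRINT "<fingerprint of the broker certificate>"

enum class BrokerCertCheck {
    CaChain,      // broker certificate validated against a root CA
    Fingerprint,  // broker certificate pinned by fingerprint
    None          // TLS without validation of the broker certificate
};

// Reports which validation material the sketch has configured. If both
// macros are defined this reports CaChain; which one the library itself
// prefers in that case is not stated in the quoted comment.
constexpr BrokerCertCheck brokerCertCheck()
{
#if defined(MY_MQTT_CA_CERT1)
    return BrokerCertCheck::CaChain;
#elif defined(MY_MQTT_FINGERPRINT)
    return BrokerCertCheck::Fingerprint;
#else
    return BrokerCertCheck::None;
#endif
}

#if defined(MY_GATEWAY_ESP8266_SECURE)
// Fail the build instead of shipping a gateway that encrypts the link
// but accepts any certificate the other end presents.
static_assert(brokerCertCheck() != BrokerCertCheck::None,
              "Secure gateway selected, but neither MY_MQTT_CA_CERT1 nor "
              "MY_MQTT_FINGERPRINT is defined: broker certificate would "
              "not be validated");
#endif
```

Commenting out the MY_MQTT_CA_CERT1 line without defining MY_MQTT_FINGERPRINT makes the compile stop at the static_assert.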



  • Hi Edi!
    I'm on the master branch.
    Regards /Gunnar



  • @eiten
    Hi Edi!
    You are an absolute STAR!
    Now I'm on the development branch 2.4.0 alpha and things work like a charm!
    I'm able to connect via SSL/TLS to a commercial broker account with a server certificate and messages have started flowing in the test rig.
    Now it's time to plan the migration of my MQTT clients.
    Thank you so much for pointing me in the right direction. I thought that TLS support was implemented in the master branch and could not understand why things did not work.
    Can I buy you a beer?

    Best regards
    /Gunnar



  • @bgunnarb Thank you for your feedback. I'm very happy that I could help you. And thank you very much for the beer.

