
MQTT notifications improvements: TLS support

Open fgalan opened this issue 3 years ago • 3 comments

Follow up from issue #3001

Support TLS. It needs to be analysed, but some early thoughts follow:

  • mqtts:// should be supported as schema for url field
  • We could reuse the same -key, -cert and -insecureNotif fields we currently use for HTTPS notifications

Equivalent mosquitto_pub:

mosquitto_pub -d --insecure --cafile file.pem -h <host> -p 1883 -u <username> -P <password> -t '/topic' -m 'payload'

fgalan, Aug 31 '21 07:08
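An added sketch (not part of the issue thread and not Orion code) of the URL handling proposed in the post above: the scheme selects plaintext or TLS, and the insecure option is modelled on `mosquitto_pub --insecure`, which disables only the hostname check. The helper `plan_mqtt_endpoint` and its parameters are hypothetical names; Python is used so the sketch runs with the standard library alone.

```python
import ssl
from urllib.parse import urlsplit

# Registered MQTT ports: 1883 for plaintext, 8883 for MQTT over TLS.
DEFAULT_PORTS = {"mqtt": 1883, "mqtts": 8883}


def plan_mqtt_endpoint(url, cafile=None, insecure=False):
    """Turn a notification URL into connection settings (hypothetical helper).

    Returns (host, port, ssl_context); ssl_context is None for mqtt://.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = parts.port or DEFAULT_PORTS[scheme]

    if scheme == "mqtt":
        # Plaintext: credentials and payload are visible on the wire.
        return parts.hostname, port, None

    # mqtts://: always validate the broker's certificate chain,
    # against cafile if given, otherwise the system trust store.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Like mosquitto_pub --insecure: skip only the hostname match,
    # chain verification stays on (verify_mode remains CERT_REQUIRED).
    ctx.check_hostname = not insecure
    return parts.hostname, port, ctx
```

In libmosquitto the same two decisions correspond to `mosquitto_tls_set()` (CA file, client certificate and key) and `mosquitto_tls_insecure_set()` (hostname check).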

Hey @fgalan,

due to some GDPR restrictions, there is quite some need in our use case to implement TLS for MQTT notifications. Is there anything planned for your roadmap?

Thanks in advance for your answer!

SBlechmann, Mar 19 '24 13:03

@SBlechmann this issue isn't in our roadmap at the present moment.

However, we are always open to out-of-roadmap contributions, so if you have a strong need for this use case, we would be more than happy to have a look at a pull request implementing it (and eventually merge it, of course :)

Having a look at the library we use for MQTT notifications (https://mosquitto.org/api/files/mosquitto-h.html), it seems it supports TLS, so it seems to be doable.

Thanks for the feedback!

fgalan, Mar 19 '24 16:03

@fgalan that's unfortunate. IoT systems that do not incorporate essential security features are not usable =(

Well, my background is mechanical engineering... but if you will, I can have a look. Thanks for the hint to the mosquitto library.

SBlechmann, Mar 23 '24 09:03