SSL/TLS protocols encrypt the connection between two endpoints (client and server). Encryption, together with the integrity protection TLS provides, ensures that no third party can read the data in transit or tamper with it unnoticed.
The SSL/TLS configuration is the same for both
MQTT5, and it comes in two flavors:
The simple TLS configuration lets you set up TLS with a single CA certificate, without having to create a truststore file for that one certificate.
This is well suited for testing, and is also fine for production if your use case fits.
This configuration requires only one property, the CA Certificate Path, which must point to an X.509 certificate.
```xml
<mqtt:config name="MQTT5">
    <mqtt:mqtt5-connection host="test.mosquitto.org" port="8883">
        <mqtt:tls-configuration>
            <mqtt:simple-tls-config caCertificate="resources/mosquitto.org.crt" />
        </mqtt:tls-configuration>
    </mqtt:mqtt5-connection>
</mqtt:config>
```

| Attribute | Description |
| --- | --- |
| caCertificate | The path to the CA X.509 certificate resource. |
The advanced TLS configuration is based on the TLS Context, with a trust store file and additional settings used to establish the secure connection.
The TLS Context can be defined inline (as in the example below), or declared as a reference to a globally defined one.
Note that the TLS Context can also configure a key store, but for setting up TLS only a trust store is required. The key store is used for transport-level authentication (mutual TLS), described in the Authentication section.
```xml
<mqtt:config name="MQTT5">
    <mqtt:mqtt5-connection host="test.mosquitto.org" port="8883">
        <mqtt:tls-configuration>
            <mqtt:advanced-tls-config>
                <tls:context>
                    <tls:trust-store path="resources/truststore.jks" type="jks" password="changeit" insecure="false"/>
                </tls:context>
            </mqtt:advanced-tls-config>
        </mqtt:tls-configuration>
    </mqtt:mqtt5-connection>
</mqtt:config>
```
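The advanced configuration above expects `resources/truststore.jks`, which the simple configuration avoids creating. As an added example that is not part of the connector or its documentation, the following program builds that JKS file with `java.security.KeyStore` from the same CA file the simple configuration uses, checking first that the certificate really is a CA certificate and is currently valid; the alias `mosquitto-ca` is an assumption, the paths and the password `changeit` come from the example configurations.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Builds resources/truststore.jks (password "changeit") from the CA
// certificate resources/mosquitto.org.crt so that the CA used by
// simple-tls-config can also be consumed by advanced-tls-config.
public class BuildTrustStore {
    public static void main(String[] args) throws Exception {
        String caPath = args.length > 0 ? args[0] : "resources/mosquitto.org.crt";
        String storePath = args.length > 1 ? args[1] : "resources/truststore.jks";
        char[] storePassword = "changeit".toCharArray(); // matches the example config

        X509Certificate ca;
        try (FileInputStream in = new FileInputStream(caPath)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Sanity checks before trusting it: must carry the CA basic constraint
        // (getBasicConstraints() returns -1 otherwise) and must be valid now.
        if (ca.getBasicConstraints() < 0) {
            throw new IllegalArgumentException(caPath + " is not a CA certificate");
        }
        ca.checkValidity(); // throws if expired or not yet valid

        KeyStore trustStore = KeyStore.getInstance("JKS"); // type="jks" in the config
        trustStore.load(null, null);                        // start from an empty store
        trustStore.setCertificateEntry("mosquitto-ca", ca); // trusted entry, no private key
        try (FileOutputStream out = new FileOutputStream(storePath)) {
            trustStore.store(out, storePassword);
        }

        // Reload the file to confirm it opens with the configured password.
        KeyStore check = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(storePath)) {
            check.load(in, storePassword);
        }
        System.out.println("Wrote " + storePath + " with " + check.size()
            + " trusted entry: " + ca.getSubjectX500Principal());
    }
}
```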
The TLS Context lets you set all security files and configuration in a single object. It can also be declared globally and referenced.

| Attribute | Description |
| --- | --- |
| enabledProtocols | A comma-separated list of protocols enabled for this context. |
| enabledCipherSuites | A comma-separated list of cipher suites enabled for this context. |
Contains all the configuration for a trust store file that stores CA certificates.
| Attribute | Description |
| --- | --- |
| path | The location of the trust store. |
| password | The password for the trust store file. |
| type | The type of the trust store. |
| algorithm | The algorithm used by the trust store. |
| insecure | Disables verification of the server hostname in the server certificate. |
Contains all the configuration for a key store that holds user credentials.
The key store is used to set up mutual TLS authentication. See Authentication.
| Attribute | Description |
| --- | --- |
| path | The location of the key store. |
| type | The type of store used. |
| alias | When the key store contains many private keys, this attribute indicates the alias of the key that should be used. If not defined, the first key in the file is used by default. |
| keyPassword | The password used to protect the private key. |
| password | The password used to protect the key store file. |
| algorithm | The algorithm used by the key store. |