1

We are developing a Mosquitto broker based POC where three different MQTT clients are being used, i.e. C, Python and phpMQTT, and we need to pass messages between these clients. But the phpMQTT client does not implement SSL/TLS, which is limiting our ability to enable SSL for the whole solution.

Is there any way to communicate between these three clients if my C & Python clients are connected to the broker on a secure port, i.e. 8883 (with the TLS option enabled), and my phpMQTT client on port 1883 (without the TLS option)?

German
Dilip

2 Answers

1

Mosquitto allows you to listen on as many ports as you wish. You can decide whether to support TLS on each listener. For example you could have port 1883 for unencrypted connections, port 8883 for regular certificate based TLS, port 8884 for certificate based TLS that requires clients to pass a valid certificate and port 8885 for TLS-PSK based encryption.

Aside from the encryption in use, clients connected to the broker would interact exactly the same as normal.

ralight
  • Thanks Roger. Does that mean (3) is true if 1) my PHP client is connected over port 1883 (without TLS), 2) at the same time my C & Python clients are connected over port 8883 (with TLS), 3) my C/Python client will be able to subscribe to messages published from my PHP client or vice versa? – Dilip Oct 25 '13 at 03:33
  • For some reason it's not working for me. I'm only able to subscribe to messages published on the same port. If it's designed to be so (as explained above) then I could be doing something wrong, not sure. – Dilip Oct 26 '13 at 04:02
  • Try 1883 and 8883 on test.mosquitto.org. You can get the CA file at http://test.mosquitto.org/. If that works, you know it is something at your end not working properly. – ralight Oct 26 '13 at 09:04
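
A mosquitto.conf sketch of the four listeners described in the answer above, added here as an example and not taken from the original posts. The file paths, the PSK hint and the loopback bind on port 1883 (which assumes the PHP client runs on the broker host) are assumptions.

```conf
# Example only: all paths and the PSK hint below are placeholders.
# Authentication settings (password_file, allow_anonymous) are not shown.

# TLS-PSK identities and keys used by the 8885 listener.
psk_file /etc/mosquitto/psk.txt

# Plaintext listener for the client that cannot do TLS (phpMQTT).
# Anything sent here, including a username and password, is unencrypted,
# so it is bound to loopback rather than to every interface.
listener 1883 127.0.0.1

# TLS with a server certificate; clients verify the broker against the CA.
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key

# TLS that also requires each client to present a valid certificate.
listener 8884
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
require_certificate true

# TLS-PSK listener.
listener 8885
psk_hint example-broker
```

All listeners feed the same broker, so a message published on 1883 reaches subscribers on 8883 and the reverse; only the transport protection differs per port.
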
0

I'm not sure if mosquitto is able to start on two different ports. You could try to do this with HiveMQ, which supports a so-called "hybrid mode" (http://www.hivemq.com/docs/hivemq/1.4.1/#hybrid-mode-chapter). This hybrid mode lets you connect without TLS on any port (like 1883) and with TLS on another port (like 8883).

I'm not sure why you are using phpMQTT, but would websockets be an option for you? HiveMQ supports secure websockets out of the box, so you could give this a try. A blog post about how to do this is available here: http://www.hivemq.com/build-javascript-mqtt-web-application/

Disclaimer: I am one of the developers of HiveMQ

Dominik Obermaier
  • Thanks Dominik. We have chosen the PHP MQTT client over the JS client for two reasons (firewall & security). 1) JS will execute in the browser and if I'm on a corporate network then the firewall may block me from publishing messages. 2) If we are using credentials to connect with the broker then others can easily get them from the JS. – Dilip Oct 25 '13 at 05:53