simple mqtt and wss

  • Hello there,
    I want to use a little bit more secure solution for mqtt communicaton, but I am having some trouble to establish the connection. Probably some syntax error, but I alredy tried out all of the possibilites. (probably not all of it)
    Its always return -1
    The cert is provided externally, and its TLSv1.2.
    so the connection string looks like this:

    client = MQTTClient("GT01", "wss://", user=b"user", password=b"password", ssl=True, ssl_params = {'cert_reqs':ussl.CERT_NONE})

    Thanks in advance,

  • Hope you managed to solve your problem, OP. You can use TLS encryption to secure the connection on your MQTT broker.
    I recommend getting more info from here on how to secure your data. This guide was written by the team behind the MQTT broker Mosquitto and is, therefore, reliable and up to date. You can follow their step-by-step guide to configure a professional, secure and performant MQTT broker.
    I also have several devices in a network and use this encryption system to make sure no one hacks them. Securing data transfer between clients of a network is mandatory.

  • This post is deleted!

  • @Antman
    Well, this is the code I use:

                ssl_params= {}
                if self._isMQTTS:
                    import ussl
                    if iftools.os_path_isfile("/flash/cert/ca.pem"):
                        ssl_params= { 'server_hostname':self._MQTThost, 'cert_reqs':ussl.CERT_REQUIRED, 'ca_certs':'/flash/cert/ca.pem'}
                        ssl_params= { 'server_hostname':self._MQTThost}
                mqttc = MQTTClient(self._devid.encode('utf-8'), self._MQTThost, user=self._MQTTuser.encode('utf-8'), password=self._MQTTapikey.encode('utf-8'), ssl=self._isMQTTS, port=self._MQTTport, keepalive=self._keepalive_secs, ssl_params = ssl_params)
                # we want a persistant session so that the mqtt server stored messages when we are not connected

    MQTTClient is from the source that is in the micropython core.
    Works ok, although you have to call its 'check_msg()' method regularly to poll for received messages.
    I haven't tested it in practice with a server CA certif...

  • @tttadam Did you get a resolution to this? I have wasted many hours trying to get MQTT working. To me this should be the "Hello World" for this set of products. If there are any resources showing how to get it working for FiPy that can be shared I would greatly appreciate. In my case I am trying to get it to talk to Mosquitto - which (looks like it doesn't support sockets).

  • This post is deleted!

  • I did not, but this topic came back again! :)
    So this time I will have a secure mqtt.

  • This issue is come up again.
    Yes I know simple mqtt does not support wss, but then is there any other avaible library which does or some workaround?
    I search every corner of the internet, but didn't find any.

  • @tttadam that config is using websockets, which I don’t think simple mqtt supports. Websockets are useful for web clients as this is the only kind of socket they can open, but MQTT by default works over raw TCP or TLS over TCP, without the additional websockets layer.

    What’s your emqx configuration?

  • @jcaron I tried that one also, without luck.

    client = MQTTClient("GT01", "", user=b"user", password=b"pass", 
        ssl=True,  ssl_params = {'cert_reqs':ussl.CERT_NONE})

    With this settings I am able to connect the mqtt server with mqttbox:

  • @tttadam What's your emqx configuration? It looks like the default is to have TLS on port 8883, which is also simple mqtt's default when you don't provide a port but ssl is True. Just try leaving out the port.

  • @jcaron Yes your right, I think I left out some important detail.
    The mqtt server is emqx running on unix running in docker.
    I am using simple mqtt.
    Tried this also I got back oserror -1:

    client = MQTTClient("GT01", "", port=443, user=b"user", password=b"pass", 
        ssl=True,  ssl_params = {'cert_reqs':ussl.CERT_NONE}) #sc ssl

  • @tttadam Which MQTTClient implementation are you using? The one in pycom-libraries expects a domain name for the server, not a URL, and the port number provided separately:

    client = MQTTClient("GT01", "", 443, user=b"user", password=b"password", ssl=True, ssl_params = {'cert_reqs':ussl.CERT_NONE})

    Note also that it is designed to work with MQTT over SSL directly, not over web sockets or HTTP, so you probably don't want to connect to 443 but a different port.

    If you are using a different implementation, let us know which. Also, what server (broker) are you using, and how is it configured?

Log in to reply

Pycom on Twitter