SSL for outside but not inside network ??


Vincèn Pujol

Jul 17, 2017, 11:03:33 AM
to MQTT
Hi

I'm using Mosquitto with great success on my Raspberry with Home Assistant and it works great! Now I'm trying to harden my setup a little; until now I have left my Mosquitto server available from outside (protected only by login/pass).
Now I'd like to activate SSL on it for more security (for outside connections) from the Internet. I don't care if local connections are not in SSL (and in fact that's easier, as most of my little IoT devices don't like SSL and all that stuff much!).

My question is:

Is there a way to get Mosquitto to accept non-SSL connections (if it also accepts SSL that's not a problem) while from outside it only accepts SSL connections? I was thinking of opening only port 8883 for SSL, but I don't see how you can tell it: SSL on that port, non-SSL on that other port?

Thanks for help,

Vincèn

Roger Light

Jul 17, 2017, 4:55:18 PM
to MQTT
Try adding a listener that binds to the local interface for your
unencrypted listener, then another listener as normal with your TLS
setup.

listener 1883 127.0.0.1

listener 8883
cafile ca.crt
...

Cheers,

Roger
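
One way to check a config of the shape suggested above, as an added example that is not part of the original posts or of Mosquitto: it lists each `listener` with its bind address and flags plaintext listeners that are not bound to loopback. Assumptions: only explicit `listener` lines are handled (no default `port`/`bind_address` listener), a listener counts as TLS when `certfile` and `keyfile` are both set or `psk_hint` is set, and the certificate file names in the sample are constructed.

```python
import ipaddress

def parse_listeners(conf_text):
    """Collect each 'listener <port> [bind]' line and the option names under it."""
    listeners, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        if key == "listener" and args:
            bind = args[1] if len(args) > 1 else None  # None: all interfaces
            current = {"port": int(args[0]), "bind": bind, "opts": set()}
            listeners.append(current)
        elif current is not None:
            current["opts"].add(key)  # option belongs to the last listener seen
    return listeners

def uses_tls(listener):
    # Assumption (see lead-in): certificate TLS needs certfile and keyfile.
    opts = listener["opts"]
    return "psk_hint" in opts or {"certfile", "keyfile"} <= opts

def is_loopback(bind):
    if bind is None:
        return False
    if bind == "localhost":
        return True
    try:
        return ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here; treat as exposed

def audit(conf_text):
    """Return (port, bind, status) for every listener in the config text."""
    findings = []
    for lst in parse_listeners(conf_text):
        if uses_tls(lst):
            status = "tls"
        elif is_loopback(lst["bind"]):
            status = "plaintext-loopback"
        elif lst["bind"] is None:
            status = "plaintext-all-interfaces"
        else:
            status = "plaintext-bound"
        findings.append((lst["port"], lst["bind"], status))
    return findings

# Constructed sample in the shape of the reply above (file names are made up).
SAMPLE = "listener 1883 127.0.0.1\n\nlistener 8883\ncafile ca.crt\ncertfile server.crt\nkeyfile server.key\n"
```

A status of `plaintext-all-interfaces` on any port that the router forwards from the Internet is the case the original question wants to avoid.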