MQTT SSL (Question)

[DaniilMir]

I've searched for existing issues and didn't found anything related to MQTT SSL connection.
As I can see this project is using SSL for Pushbullet, Email and SMS.
Are there options to enable SSL connection to the MQTT Server?
In my environment port 1883 is disabled for security reasons.

[taligentx]

Hi @DaniilMir - I haven't tested secure MQTT, it does appear possible for the ESP8266/ESP32 given the discussion at knolleary/pubsubclient#462 . PRs welcome for secure MQTT versions of the built-in example sketches!

[taligentx]

Hi @DaniilMir - after testing, secure MQTT works fine and you can use the Pushbullet sketch as a example. For example, to switch to secure MQTT for the HomeAssistant-MQTT sketch:

1. Include WiFiClientSecure.h:

   #include <ESP8266WiFi.h>
   #include <WiFiClientSecure.h>
   #include <PubSubClient.h>
   #include <dscKeybusInterface.h>
   

2. Set mqttPort to 8883.
3. Replace WiFiClient wifiClient; with WiFiClientSecure wifiClient;
4. Set the encryption authenticate method in setup() - for testing without authenticated the MQTT server's certificate:

   wifiClient.setInsecure();
   mqtt.setCallback(mqttCallback);
   

[DaniilMir]

Hello @taligentx
Sorry for not replying in time.
For me this was solved by adding a fingerprint and using "setFingerprint" option :

const char  mqttFingerprint[] PROGMEM = "XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX";
ipClient.setFingerprint(mqttFingerprint);

wifiClient.setInsecure(); worked as well, but my internal paranoid was not happy about bypassing server cert validation.

[Dilbert66]

I tend to prefer using setcacert instead of a fingerprint as it uses the longer duration root ca cert which can be up to 10 years . Of course the fingerprint is easier as it's a much smaller block of data.