Support of TLS with TLS engine in MQTT clients such as Chirpstack Network

I am trying to implement mTLS over MQTT with TLS version 1.1 and a TLS engine in the Chirpstack application.

For example, for the mosquitto client, I have started with the following parameters:

mosquitto_sub --cafile /tmp/certificates/authority.pem --tls-engine dbus --keyform engine --key /tmp/dbus-device-key.pem --cert /tmp/certificates/device.pem -h -p 10883 --tls-version tlsv1.1 -v -t 'test/topic'

Now I want to securely communicate with the Chirpstack network server, application server and gateway bridge using MQTT.
In the mosquitto.conf file, there are a few parameters, viz. #certfile and #keyfile, and the corresponding parameters are mentioned in the Chirpstack toml file as ca_cert, tls_cert and tls_key.

But I also want to use --tls-engine, --keyform, and --tls-version. These are not available in the default toml file.

Are these flags supported or not? If these are supported, what are the corresponding names of the parameters that can be used in the toml file?

These flags do not exist in the ChirpStack configuration.

@brocaar is there any way to implement them? Can it be done by modifying the source code, or can we do it some other way?

Probably some of these options can be configured in code, but please note that the ChirpStack Network Server uses the Go TLS libraries, not OpenSSL, so I’m not sure what is possible for your specific use-case.