eDomoticz MQTT and TLS?

drbrains
Posts: 8
Joined: Sunday 26 February 2017 17:45
Target OS: Raspberry Pi
Domoticz version: v3.6799
Contact:

eDomoticz MQTT and TLS?

Post by drbrains » Sunday 26 February 2017 18:02

I have been using the eDomoticz plugin and I love how I can talk to Siri or just use the iOS 10 Home app out-of-the-box with Domoticz.

I am upgrading my own devices and adding security in the process. One feature I would love to see is adding TLS to the MQTT communication, as we already have SSL to Domoticz. Could this be added, even with "just" TLS fingerprinting?

Keep up this great project!

SweetPants
Posts: 1597
Joined: Friday 12 July 2013 21:24
Target OS: Linux
Domoticz version: V3.8775
Location: The Netherlands
Contact:

Re: eDomoticz MQTT and TLS?

Post by SweetPants » Sunday 26 February 2017 20:08

There was an attempt to implement MQTT TLS a while ago, but it broke the whole MQTT implementation, so it was reverted. If you want, you can try to implement it yourself: https://github.com/eclipse/mosquitto

Re: eDomoticz MQTT and TLS?

Post by drbrains » Monday 27 February 2017 6:13

Implement it myself ;) Okay, I will have a look. JavaScript is not my language, but I should be able to sort of follow the code. I will keep you advised of any progress.

Re: eDomoticz MQTT and TLS?

Post by drbrains » Monday 27 February 2017 11:04

Need help getting the CA path from Domoticz. Could someone point me in the right direction?

Index.JS is getting information from Domoticz: mqttHardware.Port, mqttHardware.Username. But I can't find the reference for the CA Filename (certificate path).

Re: eDomoticz MQTT and TLS?

Post by drbrains » Tuesday 28 February 2017 16:48

Progress: doing a "dirty" patch just to the MQTT.js, I can connect to port 8883 with TLS using the same CA.crt as I am using for Domoticz. Using a different user/password to see the difference in my mosquito.log.

Now I need an answer to my previous question and see if I can make it automatically switch between non-secure and TLS based on the CA setting in Domoticz.

Re: eDomoticz MQTT and TLS?

Post by drbrains » Thursday 02 March 2017 7:09

Never mind: I found it myself. Way easier than I expected.

I am having it automatically use the CA certificate from Domoticz if it is defined, or I can use an additional parameter, "cacert", in the config.json if provided. Where/how do I upload my new code so someone could have a look at it and maybe even implement it in a new release?

Using the CA.crt as Domoticz does is not the best way (should be using client certificates), but at least now all the MQTT messages can be encrypted. For the Domoticz to MQTT and the Homebridge plugin it is not so relevant, since most users will run it on their own local broker, most likely on the same device, so all communication is to localhost (127.0.0.1). But my other (ESP8266) devices can now send TLS-encrypted messages over WiFi without me having to open the standard unsecure (1883) port.
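
The plain/TLS switch described in the post above, with the fingerprint pinning asked about at the start of the thread, as an added example that is not part of the original thread or the plugin's own code. `mqttHardware.Port`, `mqttHardware.Username` and the `cacert` key come from the thread; `Address`, `Password`, `CAFilename`, `fingerprint` and the function names are assumed for illustration.

```javascript
// Added example: choose plain MQTT or TLS from the broker settings.
// Assumed names (not from the thread): Address, Password, CAFilename, fingerprint.

// Normalise "AA:BB:.." or "aabb.." SHA-256 fingerprints for comparison.
const normFp = (fp) => String(fp).replace(/:/g, '').toLowerCase();

function buildMqttConnection(mqttHardware, config = {},
    readFile = (p) => require('fs').readFileSync(p)) {
  // A "cacert" entry in config.json overrides the CA file set in Domoticz.
  const caPath = config.cacert || mqttHardware.CAFilename || '';
  const host = mqttHardware.Address;
  const options = {
    username: mqttHardware.Username || undefined,
    password: mqttHardware.Password || undefined,
  };
  if (!caPath) {
    // No CA configured: plain MQTT, as used against a broker on localhost.
    return { url: `mqtt://${host}:${mqttHardware.Port || 1883}`, options };
  }
  options.ca = [readFile(caPath)];   // trust only this CA, not the system store
  options.rejectUnauthorized = true; // keep certificate chain validation on
  if (config.fingerprint) {
    const pin = normFp(config.fingerprint);
    // Node tls option: keep the default hostname check, then pin the leaf cert.
    options.checkServerIdentity = (hostname, cert) => {
      const err = require('tls').checkServerIdentity(hostname, cert);
      if (err) return err;
      if (normFp(cert.fingerprint256) !== pin) {
        return new Error('broker certificate does not match pinned fingerprint');
      }
      return undefined;
    };
  }
  return { url: `mqtts://${host}:${mqttHardware.Port || 8883}`, options };
}

// Usage with MQTT.js (not executed here):
//   const { url, options } = buildMqttConnection(hw, cfg);
//   const client = require('mqtt').connect(url, options);
```

The credentials in `options` only travel encrypted on the `mqtts://` branch, so the plain branch belongs on a loopback broker.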

Re: eDomoticz MQTT and TLS?

Post by SweetPants » Thursday 02 March 2017 9:20

PM GizMoCuZ, maybe he is willing to help you create a pull request and get your code in.
