Limitations when configuring an MQTT broker

Connections to local devices are made without using a TLS protocol. Connections to devices on an external network are made using a TLS protocol.

Kaspersky IoT Secure Gateway 1000 supports configuration of the MQTT broker Eclipse Mosquitto with the following limitations:

It is not permitted to use the capath and bridge_capath parameters to assign the path to file locations.
It is not permitted to use the TLS protocol to configure a connection of equipment with Kaspersky IoT Secure Gateway 1000.
The following parameters are not supported when configuring a connection with Kaspersky IoT Secure Gateway 1000 from internal network: cafile, certfile, ciphers_tls1.3, crlfile, dhparamfile, keyfile, require_certificate, tls_engine, tls_engine_kpass_sha1, tls_keyform, use_identity_as_username, use_subject_as_username, psk_hint.
It is required to use the TLS protocol for connection of Kaspersky IoT Secure Gateway 1000 with devices or cloud services in the external network.
The following parameters are not supported when configuring a connection: bridge_insecure (always false), bridge_alpn, bridge_capath, bridge_identity, bridge_psk, bridge_require_ocsp, bridge_tls_version.
There can be a connection with only one client application for each MQTT broker profile (you can indicate only one bridge parameter in the configuration file). Simultaneous operations with multiple client connections are not supported. To establish a connection with another client, you must switch to a different MQTT broker profile.
The following parameters are not supported when configuring an MQTT broker profile: bridge_require_ocsp, log_dest file, pid_file, http_dir, persistence, websockets, auth_plugin, password_file, allow_anonymous.
To connect the MQTT broker to a digital platform that supports the MQTT protocol, you must specify the standard port 8883 for the connection.
Port 1883 must be used to connect an end user device to Kaspersky IoT Secure Gateway 1000.

Page top