Connections to local devices are made without using a TLS protocol. Connections to devices on an external network are made using a TLS protocol.
Kaspersky IoT Secure Gateway 1000 supports configuration of the MQTT broker Eclipse Mosquitto settings with the following limitations:
capath, bridge_capath and include_dir options for assigning the path to file locations.The following parameters are not supported when configuring a connection with Kaspersky IoT Secure Gateway 1000 from the internal network: cafile, certfile, ciphers_tls1.3, crlfile, dhparamfile, keyfile, require_certificate, tls_engine, tls_engine_kpass_sha1, tls_keyform, use_identity_as_username, use_subject_as_username, psk_hint.
The following options are not supported when configuring a connection: bridge_insecure (always false), bridge_alpn, bridge_capath, bridge_cafile, bridge_certfile, bridge_keyfile, bridge_identity, bridge_psk, bridge_require_ocsp, bridge_tls_version.
bridge parameter in the configuration file). Simultaneous operations with multiple client connections are not supported. To establish a connection with another client, you must switch to a different MQTT broker profile. bridge_require_ocsp, log_dest file, pid_file and http_dir, persistence, websockets, auth_plugin, password_file.allow_anonymous option.