LordMike / MBW.BlueRiiot2MQTT

Utility to map between Blue Riiots pool API, and Home Assistant MQTT

Add TLS support #78

Closed gummigroda closed 11 months ago

gummigroda commented 1 year ago

Hi, and thanks for the great software.

How much labor would it be to add support for TLS in the MQTT connection? (I'm no dev, and I can't seem to find where the connection to the MQTT server is being made in the code, any hints?)

LordMike commented 1 year ago

Missed this - it should be doable. It actually happens in another project of mine which wraps an MQTT client. The specific lines are here: https://github.com/LordMike/MBW.HassMQTT/blob/7af4e5bd36c1a0faa46cadff664b137fbd5bffb6/MBW.HassMQTT.CommonServices/CommonServicesExtensions.cs#L32-L35

Your TLS setup - is the certificate valid, or do you also need a method to bypass validation?

gummigroda commented 1 year ago

Great, thanks.

I'm using certificates from Let's Encrypt. So, the chain should be valid.

LordMike commented 1 year ago

I'll give it a go, but I have no way of testing. So we'll have to try it out :)

LordMike commented 1 year ago

I've pushed it. The configuration options are linked below. To run this you can pull the :dev docker image.

I think you just need to set:

Of course also setting the port if you run the TLS default (8883) - but you probably already know this. The other options can also be set with the MQTT__ prefix.

https://github.com/LordMike/MBW.HassMQTT/blob/21937f455f4036742c3ebc09ade030696c08e41d/MBW.HassMQTT.CommonServices/CommonMqttConfiguration.cs#L22-L26

gummigroda commented 12 months ago

Okay, I've now enabled TLS and it works after I added MQTT__TlsProtocols: Tls12 as my server doesn't allow deprecated protocols. Don't know what the 'default' setting is using, but perhaps changing the default to 'Tls12' instead?

Thanks!

LordMike commented 12 months ago

The default is whatever the system uses by default. On Windows this has changed over time towards more protocols.

I could set it to a mix of TLS 1.0/1.1/1.2/1.3. Buut, when 1.4 or 2.0 drops, I’ll be behind. :/

gummigroda commented 11 months ago

I'm fine with keeping the default value. Thanks for the support.
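
The trade-off discussed in this thread (system default versus a pinned list such as Tls12) can be handled by leaving the default to the OS and only refusing deprecated versions when a value is configured. The sketch below is an added example, not code from MBW.HassMQTT or this issue; the class and method names are hypothetical, and it assumes the configured value names follow .NET's `SslProtocols` enum.

```csharp
using System;
using System.Security.Authentication;

#pragma warning disable CS0618, SYSLIB0039 // obsolete members are named only so they can be rejected

// Hypothetical helper, not part of MBW.HassMQTT.
public static class TlsProtocolSetting
{
    // Versions treated as deprecated in this sketch (assumption: SSL 2/3 and TLS 1.0/1.1).
    private const SslProtocols Deprecated =
        SslProtocols.Ssl2 | SslProtocols.Ssl3 | SslProtocols.Tls | SslProtocols.Tls11;

    // Maps a configured string such as "Tls12" or "Tls12, Tls13" to SslProtocols.
    // A missing or empty value yields SslProtocols.None, which lets the OS choose,
    // so a future TLS version is picked up without changing a hard-coded list.
    public static SslProtocols Parse(string configured)
    {
        if (string.IsNullOrWhiteSpace(configured))
            return SslProtocols.None;

        if (!Enum.TryParse<SslProtocols>(configured, ignoreCase: true, out var value))
            throw new ArgumentException($"Unknown TLS protocol value '{configured}'.");

        // Refuse the whole setting if any deprecated version is included.
        var rejected = value & Deprecated;
        if (rejected != SslProtocols.None)
            throw new ArgumentException($"Deprecated protocol(s) requested: {rejected}.");

        return value;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        foreach (var sample in new[] { "", "Tls12", "tls12, tls13", "Tls, Tls12" })
        {
            try { Console.WriteLine($"'{sample}' -> {Parse(sample)}"); }
            catch (ArgumentException ex) { Console.WriteLine($"'{sample}' -> rejected: {ex.Message}"); }
        }
    }
}
```

With `SslProtocols.None` the client does not enforce a minimum version itself; the floor is whatever the OS and the broker allow, as with the server in this thread.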