Limitations when configuring an MQTT broker
Connections to local devices are made without using a TLS protocol. Connections to devices on an external network are made using a TLS protocol.
Kaspersky IoT Secure Gateway 1000 supports configuration of the Eclipse Mosquitto MQTT broker settings with the following limitations:
- It is not permitted to use the capath, bridge_capath and include_dir options for assigning the path to file locations.
- It is not permitted to use the TLS protocol to configure a connection of equipment with Kaspersky IoT Secure Gateway 1000. The following parameters are not supported when configuring a connection with Kaspersky IoT Secure Gateway 1000 from the internal network: cafile, certfile, ciphers_tls1.3, crlfile, dhparamfile, keyfile, require_certificate, tls_engine, tls_engine_kpass_sha1, tls_keyform, use_identity_as_username, use_subject_as_username, psk_hint.
- It is required to use the TLS protocol for connection of Kaspersky IoT Secure Gateway 1000 with devices or cloud services in the external network. The following options are not supported when configuring a connection: bridge_insecure (always false), bridge_alpn, bridge_capath, bridge_cafile, bridge_certfile, bridge_keyfile, bridge_identity, bridge_psk, bridge_require_ocsp, bridge_tls_version.
- There can be a connection with only one client application for each MQTT broker profile (you can indicate only one bridge parameter in the configuration file). Simultaneous operations with multiple client connections are not supported. To establish a connection with another client, you must switch to a different MQTT broker profile.
- The following options are not supported when configuring an MQTT broker profile: bridge_require_ocsp, log_dest file, pid_file and http_dir, persistence, websockets, auth_plugin, password_file.
- When configuring an MQTT broker profile, you must use the allow_anonymous option.
- To connect the MQTT broker to a digital platform that supports the MQTT protocol, you must specify the standard port 8883 for the connection.
- Port 1883 must be used to connect an end user device to Kaspersky IoT Secure Gateway 1000.
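
The limitations above can be checked mechanically before a profile is loaded. The following Python linter is an added example, not code from Kaspersky or the Eclipse Mosquitto project; it reports each line of a Mosquitto-style profile that conflicts with the list. It assumes that a bridge is started by Mosquitto's `connection` directive, that ports appear in `listener <port>` and `address <host>:<port>` lines, and that WebSockets is requested as `protocol websockets`; the function name and both sample profiles are constructed.

```python
# Added example: lint a Mosquitto profile against the limitations listed above.
UNSUPPORTED = {
    "file path option": "capath bridge_capath include_dir",
    "TLS option on the internal network": "cafile certfile ciphers_tls1.3 crlfile "
        "dhparamfile keyfile require_certificate tls_engine tls_engine_kpass_sha1 "
        "tls_keyform use_identity_as_username use_subject_as_username psk_hint",
    "bridge connection option": "bridge_insecure bridge_alpn bridge_cafile bridge_certfile "
        "bridge_keyfile bridge_identity bridge_psk bridge_require_ocsp bridge_tls_version",
    "profile option": "pid_file http_dir persistence websockets auth_plugin password_file",
}
REASON = {opt: why for why, opts in UNSUPPORTED.items() for opt in opts.split()}

def lint_profile(text):
    """Return (line_number, message) findings; an empty list means no violations."""
    findings, bridges, has_anon = [], 0, False
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        key, *args = raw.split()
        if key in REASON:
            findings.append((no, f"{key}: unsupported {REASON[key]}"))
        elif key == "log_dest" and args[:1] == ["file"]:
            findings.append((no, "log_dest file: unsupported profile option"))
        elif key == "protocol" and args == ["websockets"]:  # assumed Mosquitto spelling
            findings.append((no, "websockets: unsupported profile option"))
        elif key == "allow_anonymous":
            has_anon = True
        elif key == "connection":  # assumption: each `connection` line starts one bridge
            bridges += 1
            if bridges > 1:
                findings.append((no, "only one bridge is allowed per profile"))
        elif key == "listener" and args[:1] != ["1883"]:
            findings.append((no, "end user devices must connect on port 1883"))
        elif key in ("address", "addresses") and not all(a.endswith(":8883") for a in args):
            findings.append((no, "connection to the platform must use port 8883"))
    if not has_anon:
        findings.append((0, "allow_anonymous option is missing"))  # line 0 = whole file
    return findings

# Constructed sample profiles (host names and paths are placeholders).
GOOD = "listener 1883\nallow_anonymous true\nconnection cloud\naddress platform.example.com:8883\n"
BAD = """\
listener 8080
cafile /etc/certs/ca.crt
log_dest file /var/log/mosquitto.log
connection first
address platform.example.com:1883
connection second
"""
```

Calling `lint_profile(BAD)` returns six findings, the last of which (line 0) is the missing allow_anonymous option.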