[Feature request]: Support for secure connections (MQTTS)
Closed this issue · 4 comments
Is your feature request related to a problem? Please describe
My MQTT server enforces TLS to make sure that communications aren't being sent in the clear over the internet.
Because ps5-mqtt doesn't support making a secure connection it's not possible to use ps5-mqtt with mqtt brokers that only support mqtts/tls for access.
I get the following errors when I try to connect:
```
Starting PS5-MQTT...
node:internal/process/promises:279
            triggerUncaughtException(err, true /* fromPromise */);
            ^

Error: read ECONNRESET
    at TCP.onStreamRead (node:internal/stream_base_commons:217:20) {
  errno: -104,
  code: 'ECONNRESET',
  syscall: 'read'
}
```
I need support for TLS (aka mqtts) as well as the ability to pass in certificates so that the connection can be validated properly.
Describe the solution you'd like
It would be awesome if ps5-mqtt added support for mqtts and specifying the certificates to be passed in as part of the config. (i.e. similar to how it is supported in Home Assistant)
In the connect function for the MQTT library you use it indicates this is supported:
> In case mqtts (mqtt over tls) is required, the options object is passed through to [tls.connect()](http://nodejs.org/api/tls.html#tls_tls_connect_options_callback).
Describe alternatives you've considered
Alternatives:
- Remove encryption from my existing MQTT server. This would not be a workable solution because my server is on the public internet.
- Create an additional (unsecured) MQTT server specific for ps5-mqtt and then create some type of bridge that could copy the messages back and forth to the MQTT server that my home assistant server uses.
Additional context
Thank you for your consideration.
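Because MQTT.js hands the options object to `tls.connect()`, as quoted in the request above, MQTTS support largely comes down to mapping configuration onto TLS options. The following is an added example, not part of the original issue and not ps5-mqtt's code; the function name and the config keys (`host`, `port`, `caFile`, `certFile`, `keyFile`, `username`, `password`) are hypothetical.

```javascript
// Added example: build MQTT.js connection options for an mqtts:// broker.
// Config keys and function name are hypothetical, not ps5-mqtt's schema.
const fs = require("node:fs");
const net = require("node:net");

function buildMqttsOptions(cfg) {
  if (!cfg.host) throw new Error("host is required");
  // A client certificate is only usable together with its private key.
  if (Boolean(cfg.certFile) !== Boolean(cfg.keyFile)) {
    throw new Error("certFile and keyFile must be set together");
  }
  const opts = {
    protocol: "mqtts",
    host: cfg.host,
    port: cfg.port ?? 8883,        // conventional MQTT-over-TLS port
    rejectUnauthorized: true,      // keep certificate validation on
    minVersion: "TLSv1.2",
  };
  // SNI must be a DNS name; leave it unset when the broker is given as an IP.
  if (net.isIP(cfg.host) === 0) opts.servername = cfg.host;
  // Private CA: trust only this bundle. Without caFile, Node's default roots apply.
  if (cfg.caFile) opts.ca = fs.readFileSync(cfg.caFile);
  // Optional mutual TLS: client certificate and key, both PEM files.
  if (cfg.certFile) {
    opts.cert = fs.readFileSync(cfg.certFile);
    opts.key = fs.readFileSync(cfg.keyFile);
  }
  if (cfg.username) {
    opts.username = cfg.username;
    opts.password = cfg.password;
  }
  return opts;
}

// Usage (needs the mqtt package and a reachable broker):
//   const client = require("mqtt").connect(buildMqttsOptions(cfg));
//   client.on("error", (err) => console.error("MQTT TLS error:", err.message));
```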
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
This feature is still needed for secure connections. Does most everyone run insecure mqtt servers?
I've currently not got any spare time to work on anything other than critical bugs. (We're expecting twins very soon 😉)
> Does most everyone run insecure mqtt servers?
99% of users run a local mqtt broker. Either in a docker container or on their HA instance in an add-on. This means there is very little requirement for ssl connections.
Nonetheless, if people do require/want it there's no reason to at least put it on the backlog.
All that being said, I'm of course accepting PRs for this or any other new features the community wants. 😊
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days