Does the MQTT-SN Gateway support pre-shared keys for DTLS?

Hello,
I would like to know if pre-shared keys / PSK mode is also supported for the mqtt-sn gateway or only cert mode? In the configuration for the listener I can only find fields to set tls certificates + key.
However, I configured a psk-file in the config. how can this be connected?

Thanks :slight_smile:

Hi. Sorry for not replying to you in time.

We don’t yet support PSK for MQTT-SN, you probably have MQTT configured.

I will feed this requirement back to the product team. Could you tell me what version of EMQX you are using? Considering that MQTT-SN in version 4.x does not support DTLS yet, we may implement it in version 5.0 first.

Thanks for your help.
I am using emqx version 5.0.

Sorry, I need to corrent that. We have supported PSK for MQTT-SN in EMQX 5.0, you can found psk_authentication in Configuration Manual.

However, there is a not-so-good limitation. Now if you enable PSK, then all devices, no matter MQTT, MQTT-SN, STOMP, must be connected by PSK.

We are discussing improving this behavior.

Thanks for your update. Could you please tell me how to configure the mqtt-sn gateway for DTLS over UDP connections with PSK?

I did configure in the emqx.conf:
psk_authentication {
enable = true
init_file = “data/init.psk”
separator = “:”
chunk_size = 50
}

However, while configuring the dtls listener in the emqx dashboard (/gateway/detail/mqttsn/listeners) I can only select the TLS Certs and keys. No field to select PSK.
Would it look like in the emqx.conf like this:
gateway.mqttsn {
mountpoint = “mqtt/sn”
gateway_id = 1
broadcast = true
enable_qos3 = true
listeners.dtls {
enable = true
bind = 1884
max_connections = 10240000
max_conn_rate = 1000
authentication {
enable = true
backend = “built_in_database”
mechanism = “password_based”
user_id_type = “clientid”
password_hash_algorithm = “authn-hash:other_algorithms”
}
}
}

You just need to configure the correct cipher suite, you can refer to PSK Authentication in SSL/TLS.