Does the MQTT-SN Gateway support pre-shared keys for DTLS?

Hello,
I would like to know if pre-shared keys / PSK mode is also supported for the mqtt-sn gateway, or only cert mode? In the configuration for the listener I can only find fields to set TLS certificates + key.
However, I configured a psk-file in the config. How can this be connected?

Thanks :)

Hi. Sorry for not replying to you in time.

We don't yet support PSK for MQTT-SN; you probably have MQTT configured.

I will feed this requirement back to the product team. Could you tell me what version of EMQX you are using? Considering that MQTT-SN in version 4.x does not support DTLS yet, we may implement it in version 5.0 first.

Thanks for your help.
I am using emqx version 5.0.

Sorry, I need to correct that. We do support PSK for MQTT-SN in EMQX 5.0; you can find psk_authentication in the Configuration Manual.

However, there is a not-so-good limitation. Currently, if you enable PSK, then all devices, whether MQTT, MQTT-SN or STOMP, must connect with PSK.

We are discussing improving this behavior.

Thanks for your update. Could you please tell me how to configure the mqtt-sn gateway for DTLS over UDP connections with PSK?

I configured this in emqx.conf:

psk_authentication {
  enable = true
  init_file = "data/init.psk"
  separator = ":"
  chunk_size = 50
}

However, while configuring the DTLS listener in the EMQX dashboard (/gateway/detail/mqttsn/listeners) I can only select the TLS certs and keys. There is no field to select PSK.
Would it look like this in emqx.conf:

gateway.mqttsn {
  mountpoint = "mqtt/sn"
  gateway_id = 1
  broadcast = true
  enable_qos3 = true
  listeners.dtls {
    enable = true
    bind = 1884
    max_connections = 10240000
    max_conn_rate = 1000
    authentication {
      enable = true
      backend = "built_in_database"
      mechanism = "password_based"
      user_id_type = "clientid"
      password_hash_algorithm = "authn-hash:other_algorithms"
    }
  }
}

You just need to configure the correct cipher suite; you can refer to PSK Authentication in SSL/TLS.

Hi Guys,

I'd like to join the question anma asked a while ago.

Could you please provide an example for an MQTT-SN Gateway with PSK for DTLS?

The EMQX Dashboard does not provide a way to configure this. Trying only in emqx.conf was not successful either.

Thank you very much.

I tried this:

gateway.mqttsn {
  mountpoint = "mqttsn/"
  gateway_id = 1
  broadcast = true
  enable_qos3 = true
  listeners.dtls.mqttsnincoming {
    enable = true
    bind = "0.0.0.0:1884"
    proxy_protocol = false
    proxy_protocol_timeout = 3s
    # to verify client certs
    ssl_options.verify = verify_peer
    ssl_options.versions = ["tlsv1.2"]
    ssl_options.ciphers = [PSK-AES256-GCM-SHA384,PSK-AES128-GCM-SHA256,PSK-AES256-CBC-SHA384,PSK-AES256-CBC-SHA,PSK-AES128-CBC-SHA256,PSK-AES128-CBC-SHA,RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,RSA-PSK-RC4-SHA]
    ssl_options.keyfile = "etc/certs/key.pem"
    ssl_options.certfile = "etc/certs/cert.pem"
    ssl_options.cacertfile = "etc/certs/cacert.pem"
    max_connections = 10240000
    max_conn_rate = 1000
    tcp_options.backlog = 1024
    tcp_options.buffer = 4KB
  }
}

And this is the error-message:

2023-07-14T14:25:16.255785+02:00 [error] #{kind => validation_error,path => "gateway.mqttsn.listeners.dtls.default",reason => unknown_fields,unknown => "ssl_options",unmatched => "acceptors,access_rules,..."}

Another try, this time as close as possible to the EMQX documentation.

gateway.mqttsn {
  mountpoint = "mqttsn/"
  gateway_id = 1
  broadcast = true
  enable_qos3 = true
  listeners.dtls.default {
    acceptors = 16
    udp_options {
      active_n = 10
    }
    enable = true
    bind = "0.0.0.0:1884"
    max_connections = 10240000
    max_conn_rate = 1000
    dtls_options.versions = ["tlsv1.2", "tlsv1.1"]
    dtls_options.ciphers = [RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384, RSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256, RSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA, RSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA]
  }
}

This is the received error-message:

2023-07-18T11:45:02.775144+02:00 [error] failed_to_check_schema: emqx_conf_schema
2023-07-18T11:45:02.794381+02:00 [error] #{kind => validation_error,path => "gateway.mqttsn.listeners.dtls.default.dtls_options.versions",reason => {unsupported_tls_versions,['tlsv1.2','tlsv1.1']},value => ['tlsv1.2','tlsv1.1']}
ERROR: call_hocon_failed: -v -t 2023.07.18.11.44.58 -s emqx_conf_schema -c /opt/rdsapps/tools/emqx/emqx/etc/emqx.conf -d /opt/rdsapps/tools/emqx/emqx/data/configs generate

According to Configuration Files | EMQX 5.0 Documentation, this should have worked.
Could you please provide a working configuration?
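The thread ends without a working configuration, so here is an added example that serves the psk_authentication block, the first poster's listener guess and both attempts above. It is not code from the EMQX documentation or from any participant in this thread. It is assembled from the two error messages: the first attempt's `ssl_options` was rejected as an unknown field on the DTLS listener, and the second attempt reached `dtls_options.versions` but had its TLS-named versions rejected, so a DTLS listener takes `dtls_options` with DTLS-named versions. The version string `dtlsv1.2`, the listener name, the certificate paths and the PSK file path are assumptions to be checked against the Configuration Manual for the EMQX release in use. The cipher list keeps only the RSA-PSK suites EMQX documents for PSK on its TLS listener (PSK suites are not available in TLS 1.3, hence the pinned version); those suites still need a server certificate and key, so `certfile`/`keyfile` stay. The 3DES and RC4 suites from the second attempt are deliberately left out, and client verification is off because the PSK, not a client certificate, authenticates the device.

```hocon
# Added example, not from the EMQX docs or this thread. Key names are inferred
# from the error messages quoted above; the version string, listener name and
# file paths are assumptions to verify against the Configuration Manual.

# PSK identities are loaded node-wide, not per listener. As noted earlier in
# the thread, once enabled every TLS/DTLS listener on the node negotiates PSK.
psk_authentication {
  enable = true
  init_file = "data/init.psk"   # assumed path; one "<identity>:<secret>" per line
  separator = ":"
  chunk_size = 50
}

gateway.mqttsn {
  mountpoint = "mqttsn/"
  gateway_id = 1
  broadcast = true
  enable_qos3 = true

  # Listener name "default" is an assumption (the dashboard shows listeners
  # under gateway.mqttsn.listeners.<type>.<name>).
  listeners.dtls.default {
    enable = true
    bind = "0.0.0.0:1884"
    max_connections = 10240000
    max_conn_rate = 1000
    acceptors = 16
    udp_options {
      active_n = 10
    }

    # DTLS listeners take dtls_options; ssl_options is rejected as unknown
    # (first error message above).
    dtls_options {
      # DTLS versions have their own names; "tlsv1.2"/"tlsv1.1" were rejected
      # (second error message above). "dtlsv1.2" is the assumed spelling.
      # DTLS 1.0 is intentionally not offered.
      versions = ["dtlsv1.2"]

      # RSA-PSK suites as documented for PSK on the TLS listener. AEAD (GCM)
      # suites first; the 3DES and RC4 suites from the second attempt are dropped.
      ciphers = [
        "RSA-PSK-AES256-GCM-SHA384",
        "RSA-PSK-AES128-GCM-SHA256",
        "RSA-PSK-AES256-CBC-SHA384",
        "RSA-PSK-AES128-CBC-SHA256"
      ]

      # RSA-PSK still needs a server certificate and key (assumed paths).
      certfile = "etc/certs/cert.pem"
      keyfile = "etc/certs/key.pem"

      # The PSK authenticates the client; no client certificate is requested.
      verify = verify_none
    }
  }
}
```

After loading this, the check that matters is a DTLS handshake from a client that offers only RSA-PSK suites with an identity present in `data/init.psk`; a client that offers a non-PSK suite, or an identity missing from the file, should be refused at the handshake rather than reach MQTT-SN CONNECT. Because the PSK table is node-wide, confirm that the node's MQTT and STOMP TLS listeners are also expected to negotiate PSK before enabling it on a shared broker.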