
MQTT TLS over port 443 to Amazon server

Comments

8 comments

  • Kyle Reynolds

    Sure, you can change the port.

    I would also say, this is not an incoming port on the firewall, the MQTT client (Flexy) is sending outgoing traffic.

    I haven't tested using port 443. It's definitely unusual, but I don't see why not. The only potential conflict I see is if you were using port 443 for a VPN connection as well. You would have to test it.
  • Ad Hofman

    I know I can change the port. The problem is that the Amazon IoT Core server only listens on port 8883. Port 443 can only be used with the ALPN protocol, which is not supported now by the Ewon (I think).

    Other ports cannot be used at the Amazon side.

    Outgoing port 8883 is blocked on the customer's firewall. They want to open this port to one or a few destination IP addresses. The Amazon IP list is too long.

    Port 443 is already open, and it should be very nice if I can use this with ALPN.

    I found this link, in 2022 there was no support for ALPN. I think there are more and more restricted firewalls. The need for this ALPN support is increasing.

    https://techforum.ewon.biz/thread-1913.html?highlight=ALPN
  • Kyle Reynolds

    Why wouldn't they just allow outgoing traffic on port 8883 to certain devices? They could allow only the Flexy to use this port by its IP address or MAC address.

    I can certainly pass on this information about ALPN, but I'm fairly certain this is not on the roadmap. If you have a compelling business case for this, I recommend reaching out to your sales contact, who can make the case for it to the developers.

    I appreciate the feedback, and I will also pass it on through my channels.
  • Kyle Reynolds

    I was doing a little more research on this and ALPN is just a TLS extension and should be included in OpenSSL versions 1.0.2 and newer. We did update the version of OpenSSL in firmware 14.8 on the Flexy, so I would expect this to work, as long as you are using the latest firmware.

    Have you tested this using the latest firmware?
  • Ad Hofman

    I have not tested it yet.

    I thought it was not supported. I will test it soon. Thanks.
  • Ad Hofman

    I have a BASIC program in the Ewon, which is connecting to the Amazon server on port 8883.

    I can easily change the port to 443. But I don't know how I enable the ALPN protocol, and if this is supported by this function?

    Function MosquittoInit()
     REM Open the MQTT session with the device's client ID and the AWS endpoint
     MQTT "open",DeviceID$, Endpoint$
     REM Port changed from 8883 to 443; there is no parameter here for ALPN
     MQTT "setparam", "port", "443"
     MQTT "setparam", "log", "1"
     MQTT "setparam", "keepalive", "300"
     REM Server CA plus the device's X.509 certificate and private key
     MQTT "setparam", "cafile","/usr/AmazonRootCA1.pem"
     MQTT "setparam", "certfile","/usr/"+DeviceID$+".crt"
     MQTT "setparam", "keyfile","/usr/"+DeviceID$+".key"
    ENDFN
    Function MosquittoConnect()
     MQTT "connect"
    ENDFN
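    For comparison with the BASIC block above and with Kyle's point that ALPN is only a TLS extension, here is an added example (not from the thread and not Ewon code) of what enabling it looks like in an OpenSSL-backed client, Python's ssl module; the ALPN name x-amzn-mqtt-ca is the value AWS documents for MQTT on port 443 and is assumed here, not taken from the thread.

```python
import socket
import ssl

# ALPN protocol name AWS IoT Core expects for MQTT on 443 with X.509 client
# certificates (documented by AWS; assumed here, not taken from the thread).
AWS_IOT_MQTT_ALPN = "x-amzn-mqtt-ca"


def build_client_context(cafile=None, certfile=None, keyfile=None):
    """TLS client context for MQTT over 443: the only difference from a plain
    port-8883 setup is the ALPN advertisement added at the end."""
    if not ssl.HAS_ALPN:
        raise RuntimeError("TLS stack lacks ALPN (needs OpenSSL >= 1.0.2)")
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # endpoint name must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED  # never accept an unverified broker
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # the device's X.509 identity
    ctx.set_alpn_protocols([AWS_IOT_MQTT_ALPN])
    return ctx


def alpn_negotiated(selected, expected=AWS_IOT_MQTT_ALPN):
    """Fail closed: a server that did not select the expected protocol is not
    the MQTT endpoint we asked for (e.g. a TLS proxy answering on 443)."""
    return selected == expected


def open_mqtt_tls(endpoint, ctx, port=443, timeout=10.0):
    """Complete the handshake and return a socket ready for an MQTT CONNECT."""
    raw = socket.create_connection((endpoint, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=endpoint)
    if not alpn_negotiated(tls.selected_alpn_protocol()):
        tls.close()
        raise ssl.SSLError("server did not negotiate %s" % AWS_IOT_MQTT_ALPN)
    return tls
```

    The returned socket can be handed to any MQTT client library that accepts a pre-established TLS socket; without the ALPN line the same handshake on port 443 is rejected by the broker.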
  • Ad Hofman

    https://developer.ewon.biz/system/files_force/rg-0006-01-en-basic-programming.pdf

    I found this document. I don't know if this is the latest version?

    In the MQTT description there is nothing to be found about ALPN? I think it is not supported (yet)?
  • Siobhan Chapman

    That is the latest version of the BASIC programming manual and you are correct, ALPN is not supported by the Flexy and at this time we do not have this on the roadmap. Please contact your local HMS Ewon channel partner if you wish to make a case to have this feature added to the future enhancements wishlist.
