[Server] Port 1883 is used even if only the encrypted port should be used.
Describe the bug
It seems like the default non-HTTPS port 1883 is used even if only .WithEncryptedEndpoint().WithEncryptedEndpointPort(8883) is called.
Which project is your bug related to?
- MQTTnet.Server standalone
- Server
To Reproduce
Steps to reproduce the behavior:
- Using this version of MQTTnet ‘3.0.0.5’.
- Run the code from the example below.
Expected behavior
Only port 8883 should be used to allow MQTT/S traffic only.
Screenshots
Before the start of the service
After the start of the service
Testing locally with the simplified example
Additional context / logging
The service is run using Topshelf on a Windows server. However, this behaviour can be seen on a local instance as well (Running in debug mode, etc.). The whole stuff of connection validation doesn’t have an impact at all and can be removed from the example code, but I left it in for completeness and reference. The issue occurs in the simplified example as well. The process is the one of MQTTnet as it can be seen in the screenshots above.
Am I missing something @chkr1011?
Code example
    namespace Test
    {
        using System;
        using System.Collections.Generic;
        using System.IO;
        using System.Linq;
        using System.Reflection;
        using System.Security.Authentication;
        using System.Security.Cryptography.X509Certificates;
        using System.Text;
        using MQTTnet;
        using MQTTnet.Protocol;
        using MQTTnet.Server;

        public class User
        {
            public string UserName { get; set; }
            public string Password { get; set; }
        }

        public class Test
        {
            public static void Main()
            {
                IMqttServer mqttServer;
                var currentPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
                var users = new List<User> { new User { UserName = "Hans", Password = "Test1234" } };
                var certificate = new X509Certificate2(Path.Combine(currentPath, "certificate.pfx"), "asdf", X509KeyStorageFlags.Exportable);

                // Only the encrypted endpoint is configured here. WithoutDefaultEndpoint() is not called,
                // so the default endpoint on port 1883 stays enabled (the behaviour reported in this issue).
                var optionsBuilder = new MqttServerOptionsBuilder()
                    .WithEncryptedEndpoint()
                    .WithEncryptedEndpointPort(8883)
                    .WithEncryptionCertificate(certificate.Export(X509ContentType.Pfx))
                    .WithEncryptionSslProtocol(SslProtocols.Tls12)
                    .WithConnectionValidator(c =>
                    {
                        // Reject unknown users and wrong passwords.
                        var currentUser = users.FirstOrDefault(u => u.UserName == c.Username);
                        if (currentUser == null)
                        {
                            c.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
                            return;
                        }
                        if (c.Username != currentUser.UserName)
                        {
                            c.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
                            return;
                        }
                        if (c.Password != currentUser.Password)
                        {
                            c.ReasonCode = MqttConnectReasonCode.BadUserNameOrPassword;
                            return;
                        }
                        c.ReasonCode = MqttConnectReasonCode.Success;
                    })
                    .WithApplicationMessageInterceptor(message =>
                    {
                        // Log every published message.
                        Console.WriteLine($"Message: \nClientId = {message.ClientId}, Topic = {message.ApplicationMessage.Topic},"
                            + $" Payload = {Encoding.UTF8.GetString(message.ApplicationMessage.Payload)}, QoS = {message.ApplicationMessage.QualityOfServiceLevel},"
                            + $" Retain-Flag = {message.ApplicationMessage.Retain}");
                    });

                mqttServer = new MqttFactory().CreateMqttServer();
                // Wait for startup to finish, then keep the process alive so the listeners stay open.
                mqttServer.StartAsync(optionsBuilder.Build()).GetAwaiter().GetResult();
                Console.ReadLine();
            }
        }
    }
Simplified code example
    namespace Test2
    {
        using System;
        using System.IO;
        using System.Reflection;
        using System.Security.Authentication;
        using System.Security.Cryptography.X509Certificates;
        using MQTTnet;
        using MQTTnet.Server;

        public class Test
        {
            public static void Main()
            {
                IMqttServer mqttServer;
                var currentPath = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
                var certificate = new X509Certificate2(Path.Combine(currentPath, "certificate.pfx"), "asdf", X509KeyStorageFlags.Exportable);

                // Only the encrypted endpoint is configured; the default endpoint (port 1883) is not disabled.
                var optionsBuilder = new MqttServerOptionsBuilder()
                    .WithEncryptedEndpoint()
                    .WithEncryptedEndpointPort(8883)
                    .WithEncryptionCertificate(certificate.Export(X509ContentType.Pfx))
                    .WithEncryptionSslProtocol(SslProtocols.Tls12);

                mqttServer = new MqttFactory().CreateMqttServer();
                // Wait for startup to finish, then keep the process alive so the listeners stay open.
                mqttServer.StartAsync(optionsBuilder.Build()).GetAwaiter().GetResult();
                Console.ReadLine();
            }
        }
    }
Issue Analytics
- State:
- Created 4 years ago
- Comments:6
I guess, you’re right… I missed the Without in WithoutDefaultEndpoint()… In my opinion, this should be documented…
I think that .WithoutDefaultEndpoint() just removes the default 1883 listening port, something like this may work for you based on your example:
    var optionsBuilder = new MqttServerOptionsBuilder()
        .WithoutDefaultEndpoint()
        .WithEncryptedEndpoint()
        .WithEncryptedEndpointPort(8883)
        .WithEncryptionCertificate(certificate.Export(X509ContentType.Pfx))
        .WithEncryptionSslProtocol(SslProtocols.Tls12);
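
A startup check for the outcome discussed in this thread, as an added example that is not part of the original issue or of MQTTnet: it uses only the .NET base class library to confirm that port 8883 is listening and port 1883 is not. The names ListenerCheck and EnsureTlsOnly are hypothetical, and the check is host-wide, so a listener on 1883 owned by another process is reported as well.

```csharp
using System;
using System.Linq;
using System.Net.NetworkInformation;

public static class ListenerCheck
{
    // Returns the local TCP ports that currently have a listening socket.
    // This covers the whole host, not only the current process.
    public static int[] ListeningPorts() =>
        IPGlobalProperties.GetIPGlobalProperties()
            .GetActiveTcpListeners()
            .Select(endpoint => endpoint.Port)
            .Distinct()
            .OrderBy(port => port)
            .ToArray();

    // Throws if the plaintext port is open or the TLS port is missing.
    public static void EnsureTlsOnly(int tlsPort = 8883, int plaintextPort = 1883)
    {
        var ports = ListeningPorts();
        if (ports.Contains(plaintextPort))
            throw new InvalidOperationException(
                $"Unencrypted MQTT port {plaintextPort} is listening; " +
                "call WithoutDefaultEndpoint() on the options builder.");
        if (!ports.Contains(tlsPort))
            throw new InvalidOperationException(
                $"Expected TLS listener on port {tlsPort} was not found.");
    }
}

public static class Program
{
    public static void Main()
    {
        // Run this after the server's StartAsync(...) call has completed.
        try
        {
            ListenerCheck.EnsureTlsOnly();
            Console.WriteLine("OK: only the encrypted endpoint is listening.");
        }
        catch (InvalidOperationException ex)
        {
            Console.Error.WriteLine("FAIL: " + ex.Message);
            Environment.ExitCode = 1;
        }
    }
}
```

In a service host, calling EnsureTlsOnly() right after startup and refusing to continue on failure turns a silently exposed plaintext endpoint into a visible startup error.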