It is good practice to use the highest possible TLS protocol version. By default, Mosquitto accepts TLS 1.0, 1.1, and 1.2. If all the clients are capable of working with the highest TLS protocol version supported by Mosquitto, we should force Mosquitto to use only the highest version. This way, we make sure that we aren't exposed to attacks against the earlier TLS versions.
Now, we will make the necessary changes in the configuration file to force the usage of TLS 1.2. In case you are running the Mosquitto server in a Terminal window in macOS or Linux, press Ctrl+C to stop it. In Windows, stop the appropriate service.
Go to the Mosquitto installation directory and open the mosquitto.conf configuration file.
In macOS, Linux, or Windows, add the following line at the end of the configuration file:
tls_version tlsv1.2
We specified the tlsv1.2 value for the tls_version option to make Mosquitto work only with TLS 1.2. Any client that uses an earlier TLS version...
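One way to check that the setting is actually in place on every TLS listener is the following audit script. It is an example added here, not code from the book or from the Mosquitto project. The function name, the sample configuration, the port numbers and the certificate file names are constructed for illustration.

```python
# Added example: audit mosquitto.conf text for TLS listeners not pinned to TLS 1.2.
RANK = {"tlsv1": 0, "tlsv1.1": 1, "tlsv1.2": 2, "tlsv1.3": 3}  # tlsv1.3: newer releases only
TLS_KEYS = {"certfile", "keyfile", "psk_hint"}  # options that make a listener use TLS

def audit_tls_version(conf_text, minimum="tlsv1.2"):
    """Return [(listener, problem)] for TLS listeners that allow less than `minimum`."""
    # tls_version is a per-listener option: it applies to the default listener
    # until the first `listener` line, then to the most recent `listener`.
    current = "default"
    listeners = {current: {}}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "listener":
            current = "listener " + value.strip()
            listeners.setdefault(current, {})
        else:
            listeners[current][key] = value.strip()
    findings = []
    for name, opts in listeners.items():
        if not TLS_KEYS.intersection(opts):
            continue  # no TLS configured on this listener
        version = opts.get("tls_version", "").lower()
        if not version:
            findings.append((name, "tls_version not set, broker default applies"))
        elif RANK.get(version, -1) < RANK[minimum]:  # unknown values are flagged too
            findings.append((name, f"tls_version {version} is below {minimum}"))
    return findings

# Constructed sample configuration (not from the page).
SAMPLE_CONF = """\
listener 8883
certfile server.crt
keyfile server.key
tls_version tlsv1.2

listener 8884
certfile server.crt
keyfile server.key

listener 8885
certfile server.crt
keyfile server.key
tls_version tlsv1.1
"""

if __name__ == "__main__":
    for name, problem in audit_tls_version(SAMPLE_CONF):
        print(f"{name}: {problem}")
```

Because tls_version belongs to the listener it follows, a single line at the end of the file covers only the last listener defined, which is the case the second sample listener illustrates.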