I configured TLS on the mosquitto broker as described. If I understand the real functionality of TLS, it uses both asymmetric and symmetric crypto: asymmetric crypto for changing the key between broker/server and client, and symmetric crypto to encrypt the communication between them. Here I don't see where the symmetric crypto is, and if I type mosquitto_sub -v -u "user" -P "password" -t "path/to/topic" --cafile "path/to/ca.crt", how can I know that the communication is encrypted? I'm so confused, can someone explain?

M.Zehari
  • Try capturing the packets between client and server to see if TLS handshake is indeed happening and if the packets are getting encrypted. – Jay Mar 30 '17 at 17:17

1 Answer

I think you are misunderstanding how Transport Layer Security (TLS) functions. In TLS the asymmetric (public/private) encryption is used to allow two systems to agree on a form of encryption to use for communication. See the answer to this question (Which symmetric key algorithm does SSL use?) or if you are a more visual person take a look at the diagram on page 11 of this white paper (https://www.sans.org/reading-room/whitepapers/protocols/ssl-tls-beginners-guide-1029).

In your specific example, what is happening (as I understand it) is that the Client requests an SSL connection to the Broker. The Broker and Client then use public key encryption to allow the two systems to securely agree on a form of encryption and a shared key.

Community
blp
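
Following the comment's suggestion to capture the traffic, here is an added example (not part of the original question or answer) that classifies the first client-to-broker bytes of a capture as TLS records or as an unencrypted MQTT CONNECT. The sample byte strings are constructed and the function names are hypothetical.

```python
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def tls_records(stream: bytes) -> list:
    """Walk 5-byte TLS record headers; return record type names, [] if not TLS."""
    names, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > 2**14 + 2048:
            return []
        names.append(TLS_TYPES[ctype])
        pos += 5 + length  # skip the body; after the handshake it is ciphertext
    return names

def plaintext_connect_flags(stream: bytes):
    """Return credential flags if the stream opens with a cleartext MQTT CONNECT, else None."""
    if stream[:1] != b"\x10":  # CONNECT fixed-header byte
        return None
    pos = 1
    while pos < min(len(stream), 5) and stream[pos] & 0x80:  # remaining-length varint
        pos += 1
    pos += 1
    name_len = int.from_bytes(stream[pos:pos + 2], "big")
    if stream[pos + 2:pos + 2 + name_len] not in (b"MQTT", b"MQIsdp"):
        return None
    flags = stream[pos + 2 + name_len + 1:pos + 2 + name_len + 2]  # after protocol level
    return {"username": bool(flags[0] & 0x80), "password": bool(flags[0] & 0x40)} if flags else None

def classify(stream: bytes) -> str:
    records = tls_records(stream)
    if records[:1] == ["handshake"]:
        return "tls" if "application_data" in records else "tls-handshake-only"
    if plaintext_connect_flags(stream) is not None:
        return "plaintext-mqtt"
    return "unknown"

# Constructed samples (not real captures); TLS record bodies are zero-filled placeholders.
def _rec(ctype, n):
    return struct.pack("!BBBH", ctype, 3, 3, n) + bytes(n)

def _field(b):
    return struct.pack("!H", len(b)) + b

TLS_SAMPLE = _rec(22, 120) + _rec(22, 70) + _rec(20, 1) + _rec(22, 40) + _rec(23, 64)
_body = (_field(b"MQTT") + bytes([4, 0xC2]) + struct.pack("!H", 60)  # 0xC2: user|pass|clean
         + _field(b"c1") + _field(b"user") + _field(b"password"))
PLAIN_SAMPLE = bytes([0x10, len(_body)]) + _body
```

In the cleartext sample the username and password bytes are readable directly from the capture; in the TLS sample everything after the handshake is carried in `application_data` records, which are encrypted with the negotiated symmetric cipher.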