HiveMQ

HiveMQ CE - mqttv5 Enhanced Authentication and no TLS

Hi everyone,

I’m currently developing a simple application running MQTTv5, but with some constraints:

It doesn’t matter which kind of authentication mechanism it uses (SCRAM-SHA-1 or GS2-KRB5) but there must be one since TLS is not present.
I’ve downloaded the latest version of HiveMQ CE from GitHub (which I’ve found to be the only open source broker supporting this MQTTv5 feature) along with the extension-sdk and compiled it.
Once started, on the broker logs, it prints out the following message:

###############################################################################
# No security extension present, MQTT clients can not connect to this broker. #
###############################################################################
2021-04-21 12:27:21,133 INFO  - Starting TCP listener on address 0.0.0.0 and port 1883
2021-04-21 12:27:21,152 INFO  - Started TCP Listener on address 0.0.0.0 and on port 1883
2021-04-21 12:27:21,153 INFO  - Started HiveMQ in 2082ms

Indeed if I try to connect from a client I get this error:

~$ mosquitto_sub -V 5 -t "test"
Connection error: Not authorized

If I try to set a specific authentication method I get this error:

~$ mosquitto_pub -V 5 -t 'test' -m 'ok' -D CONNECT authentication-method SCRAM-SHA-1
Connection error: Not authorized
Error: A network protocol error occurred when communicating with the broker.

From the broker configuration, I’ve found no way to entirely disable TLS and enable the standard enhanced authentication.

Do you know how can I implement this solution? Or do you have any reference of something similar already implemented?

Thank you in advance.
Davide