Internet of Things use cases require MQTT communications to be secured, but secure authentication and encryption are not part of the MQTT specification. It is therefore common to use MQTT in combination with Transport Layer Security (TLS), a cryptographic protocol designed to secure communication over the internet between a client and a server. TLS is meant to ensure the safe delivery of data between a client and server, but it does NOT account for security at the endpoints (client/server side). A client must signal to the server that it wishes to establish a TLS connection, after which the two engage in a handshake protocol to authenticate both parties. Once the handshake has completed, data can be sent between the two parties using an encryption method they have mutually agreed upon. In basic TLS, only the server (the MQTT broker) is authenticated. In “mutual authentication”, the server also authenticates the identity of the MQTT client.
The TLS protocol implemented is v1.2.
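The two modes described above, basic TLS and mutual authentication, can be expressed as TLS 1.2 contexts for each side. This is an added example using Python's standard `ssl` module, not code from the original page; the function names and the certificate file parameters are assumptions, and the contexts would be passed to whatever MQTT client or broker library is in use.

```python
import ssl

TLS12 = ssl.TLSVersion.TLSv1_2

def _pin_tls12(ctx):
    ctx.minimum_version = TLS12   # refuse anything older than v1.2
    ctx.maximum_version = TLS12   # match the version stated on this page
    return ctx

def client_context(cafile=None, certfile=None, keyfile=None):
    """MQTT client side. File paths are caller-supplied (hypothetical names)."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with hostname checking on.
    ctx = _pin_tls12(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # CA that issued the broker cert
    else:
        ctx.load_default_certs()
    if certfile:                                  # needed only for mutual authentication
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def broker_context(mutual, certfile=None, keyfile=None, client_cafile=None):
    """MQTT broker side: basic TLS, or client certificates required if mutual."""
    ctx = _pin_tls12(ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER))
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if mutual:
        ctx.verify_mode = ssl.CERT_REQUIRED       # handshake fails without a client cert
        if client_cafile:
            ctx.load_verify_locations(cafile=client_cafile)
    return ctx

def authenticated_parties(client_ctx, broker_ctx):
    """Which endpoints have their identity checked during the handshake."""
    parties = set()
    if client_ctx.verify_mode == ssl.CERT_REQUIRED and client_ctx.check_hostname:
        parties.add("broker")
    if broker_ctx.verify_mode == ssl.CERT_REQUIRED:
        parties.add("client")
    return parties

def audit(ctx):
    """List settings that weaken the guarantees described above."""
    findings = []
    if ctx.minimum_version != TLS12 or ctx.maximum_version != TLS12:
        findings.append("protocol not pinned to TLS 1.2")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT and (
            ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname):
        findings.append("client does not verify the broker certificate")
    return findings
```

Running `audit` over the contexts an application actually builds catches the common mistake of disabling certificate verification on the client, which leaves the connection encrypted but the broker unauthenticated.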