Add support for MQTT SSL #64

Closed
xoseperez opened this issue Feb 8, 2017 · 9 comments
Labels
enhancement New feature or request minor mqtt

Comments

@xoseperez
Owner

Originally reported by: Minh Phuong Ly (Bitbucket: phuonglm, GitHub: phuonglm)


I want to connect my node to a public MQTT server or cloud service, but because SSL is not supported yet, the username and password can be sniffed easily.
There have been some failed attempts (homieiot/homie-esp8266#108), but I hope we can implement it right.

@xoseperez
Owner Author

Original comment by Bohdan Shcherbak (Bitbucket: bsh314, GitHub: bsh314):


Hello Minh! I'll try to create a pull request this month with SSL support. PubSubClient supports WifiSecureClient, so it can't be that difficult; the only hard thing is to create a new input in the web GUI and use that for the TLS fingerprint.

@xoseperez
Owner Author

AsyncMqttClient should also support SSL if using the staging branch of Arduino Core ESP8266 with minor modifications on the code. Had no time to test it yet.

@xoseperez
Owner Author

Original comment by Bohdan Shcherbak (Bitbucket: bsh314, GitHub: bsh314):


Thanks for the info! I'll give it a try

@xoseperez
Owner Author

Original comment by sebastianhanschke (Bitbucket: sebastianhanschke, GitHub: Unknown):


Any news? I'd also be interested and happy to try out any beta.

@xoseperez
Owner Author

Async MQTT just added support for SSL. I'm worried about the memory requirements, though. Otherwise it will be added for 1.9.

@xoseperez
Owner Author

Version 1.9.0 adds support for TLS/SSL MQTT connections.
It's still somewhat of a test feature, but it looks reasonably good, except for the fact that it consumes so much memory that you might run into issues using the web interface. That's why version 1.9.0 also includes the option to disable the web interface.

To build a TLS-compatible version of the firmware you need the staging ESP8266 Arduino Core branch and to compile the firmware passing the ASYNC_TCP_SSL_ENABLED=1 build flag. If you are disabling web support (WEB_SUPPORT=0) you might want to hardcode some other settings (WIFI#_SSID, WIFI#_PASS, MQTT_SERVER, MQTT_SSL_ENABLED, MQTT_SSL_FINGERPRINT,...).

Next will be to add support when using PubSubClient library too.

@xoseperez
Owner Author

Current status:

  • SSL using AsyncMqttClient (MQTT_USE_ASYNC=1, default): working, has memory issues when using web server too
  • SSL using PubSubClient (MQTT_USE_ASYNC=0): not working yet

@xoseperez
Owner Author

Support using PubSubClient (MQTT_USE_ASYNC=0) will be released with 1.9.3.

As for AsyncMqttClient (MQTT_USE_ASYNC=1), it will not be on the prebuilt images; you will have to compile it yourself since you need to decide a few things.
Anyway, there are a few recommendations:

When using MQTT_USE_ASYNC=1 it's recommended to disable web support (WEB_SUPPORT=0). You will be able to configure it via compile time settings, serial or telnet.

When using MQTT_USE_ASYNC=0 all the modules that use ESPAsyncTCP should be disabled, that means: WEB_SUPPORT=0, ALEXA_SUPPORT=0, TELNET_SUPPORT=0 and INFLUXDB_SUPPORT=0. Thus, it's not recommended to use this configuration since it disables a lot of cool features in the firmware.
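
The flag combinations described in the 1.9.0 and 1.9.3 comments above can be checked before compiling. The following is an added example, not code from the project or from the thread: the function names, the sample flag strings, and the assumption that a module counts as enabled unless its flag is set to 0 are illustrative, while the flag names themselves are the ones quoted in the thread.

```python
import re

# Modules the thread lists as ESPAsyncTCP users; they must be off with PubSubClient.
ASYNC_TCP_MODULES = ("WEB_SUPPORT", "ALEXA_SUPPORT", "TELNET_SUPPORT", "INFLUXDB_SUPPORT")

def parse_flags(build_flags):
    """Parse '-DNAME=VALUE -DNAME' into a dict; a bare -DNAME counts as '1'."""
    return {name: value or "1"
            for name, value in re.findall(r"-D(\w+)(?:=(\S+))?", build_flags)}

def check_tls_build(build_flags):
    """Return (errors, warnings) for a firmware build meant to use MQTT over TLS."""
    flags = parse_flags(build_flags)

    def enabled(name, default):
        # Assumption: a flag is on unless it is explicitly set to 0.
        return flags.get(name, default) != "0"

    errors, warnings = [], []
    if not enabled("MQTT_SSL_ENABLED", "0"):
        return ["MQTT_SSL_ENABLED is not set: MQTT credentials are sent in cleartext"], warnings
    web = enabled("WEB_SUPPORT", "1")
    if not web and "MQTT_SSL_FINGERPRINT" not in flags:
        warnings.append("WEB_SUPPORT=0 and no hardcoded MQTT_SSL_FINGERPRINT: set it at runtime")
    if enabled("MQTT_USE_ASYNC", "1"):  # AsyncMqttClient, the default per the thread
        if not enabled("ASYNC_TCP_SSL_ENABLED", "0"):
            errors.append("AsyncMqttClient TLS needs ASYNC_TCP_SSL_ENABLED=1")
        if web:
            warnings.append("TLS plus the web interface may run out of memory; use WEB_SUPPORT=0")
    else:  # PubSubClient
        for module in ASYNC_TCP_MODULES:
            if enabled(module, "1"):
                errors.append(f"{module} uses ESPAsyncTCP; set {module}=0 with MQTT_USE_ASYNC=0")
    return errors, warnings

# Constructed sample flag sets (not taken from the project); the fingerprint is a placeholder.
SAMPLES = {
    "async_ok": "-DASYNC_TCP_SSL_ENABLED=1 -DMQTT_SSL_ENABLED=1 -DWEB_SUPPORT=0 "
                "-DMQTT_SSL_FINGERPRINT=PLACEHOLDER_FINGERPRINT",
    "async_missing_ssl_flag": "-DMQTT_SSL_ENABLED=1",
    "pubsub_partial": "-DMQTT_USE_ASYNC=0 -DMQTT_SSL_ENABLED=1 -DWEB_SUPPORT=0 -DTELNET_SUPPORT=0",
    "no_tls": "-DWEB_SUPPORT=0",
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, check_tls_build(sample))
```
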

@xoseperez
Owner Author

Released with 1.9.3
