High security over MQTT binding

I am quite familiar with the MQTT protocol and the MQTT binding in openHAB. I use this binding to transfer the data received by my Xiaomi sensors to my application. I should mention that the data is transferred over the internet in the outside world. (The MQTT broker is NOT in my local network.) Therefore I need high security.

As far as security is concerned, I have username and password for my MQTT. However, I want more strict security such as data encryption, etc. How can I go about doing this?

If you are using the MQTT protocol inside your LAN, and this is protected at your Internet access point with a firewall, and you have a decent password on your wifi, then this is not necessary.
The devices themselves will not be able to encrypt the messages, but they will be sent over your encrypted wifi to your broker.

You should only worry about this when you start communication with the outside world, then you can enable TLS/SSL encryption for your broker.

See this:

http://www.steves-internet-guide.com/mosquitto-tls/

But if your devices are not able to send SSL-encrypted data then this is no use.
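
An added example, not part of the original posts: a Mosquitto broker configuration showing the plaintext listener beside a TLS listener of the kind the answer above recommends for traffic that crosses the Internet. The certificate, key and password file paths are placeholders and assume the CA and server certificate have already been created.

```conf
# mosquitto.conf (constructed example; all file paths are placeholders)

# Weak: a plaintext listener reachable from the Internet.
# On this port the MQTT username, password and every sensor
# payload cross the network unencrypted.
# listener 1883

# If local clients still need plaintext MQTT, bind it to loopback only.
listener 1883 127.0.0.1

# Hardened: TLS listener for clients that connect over the Internet.
listener 8883
# CA certificate that issued the server certificate.
cafile /etc/mosquitto/certs/ca.crt
# Server certificate; its name must match the hostname clients connect to.
certfile /etc/mosquitto/certs/server.crt
# Private key for the server certificate; readable by the broker user only.
keyfile /etc/mosquitto/certs/server.key
# Refuse protocol versions older than TLS 1.2.
tls_version tlsv1.2

# Optional: also require a client certificate signed by the CA above.
# require_certificate true

# Keep username/password authentication on top of the encrypted channel.
allow_anonymous false
password_file /etc/mosquitto/passwd
```

Clients then connect to port 8883 with the CA certificate configured as their trust anchor, so that the broker's certificate is verified rather than merely accepted.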

Thank you for your answer. You’ve pointed out one important thing (the outside world). I edited the question to make it more clear.

Yes. My broker is not in my local network.

Why is it not? Is there a reason it can run on the same machine as openHAB?

My MQTT broker is not in my local network. It is located in a different location, in a different part of the city. Therefore, I need to transfer the data over the Internet.

Where is your openHAB server?

The openHAB server is up and running in my local network (192.168..). However, the MQTT broker is NOT in my local server. It is instead located in another network.

So why not put the MQTT broker on that same machine?