HiveMQ Security

Security is a key concern for any IoT application. HiveMQ implements the security features required for safe and secure enterprise IT and OT deployments.

Key Features

TLS / SSL Encryption

  • Secure communication between HiveMQ and MQTT clients
  • Secure communication between HiveMQ cluster nodes
  • Native TLS/SSL support for increased performance
  • OCSP stapling: the broker caches the OCSP responder's result, so individual MQTT clients no longer need to check OCSP themselves

Authentication & Authorization

  • Username & password
  • OAuth 2.0 (JWT)
  • X.509 client certificates
  • Fine-grained & dynamic permissions
  • Support of external data sources for credentials, roles and permissions
  • Lightweight Directory Access Protocol (LDAP)

Overload Protection

  • Throttles overactive publishing clients so the HiveMQ broker is not overloaded
  • Dramatically improves the resiliency of a HiveMQ cluster

Tracing of accesses

  • Access log for MQTT clients
  • Audit log for Control Center actions

HiveMQ Security Architecture

[Figure: HiveMQ and Kafka architecture]

HiveMQ Enterprise Security Extension (ESE) Key Features

  • Integration with third-party enterprise security systems, including support for authentication and authorization using SQL databases, OAuth 2.0 and LDAP
  • Preprocessing of authentication and authorization data coming from an MQTT client
  • A structured access log for tracking security-related device information
  • Fine-grained authorization rules that can specify permissions for specific clients or a group of clients
  • Access control for the HiveMQ Control Center

Security Features in HiveMQ Broker

HiveMQ Broker Security Features

  • Default support for TLS
  • Support for Java Key Stores and Java Trust Stores to store X.509 certificates and encryption keys
  • Configuration to limit valid cipher suites
  • Cluster overload protection that allows for throttling MQTT clients
  • Increased performance via native SSL support (Enterprise Edition only)
  • OCSP stapling to increase performance of client TLS connections (Enterprise Edition only)
  • A structured audit log for tracking security-related Control Center user information (Enterprise Edition only)

Contact us to discuss how HiveMQ can add security to your MQTT and IoT deployment.