This needs to be enforced by the server too, if it accepts bearer tokens.. and make it the default.. There are some cases in controlled environments you need to switch-off TLS too..
Thanks & regards, -Prabath On Mon, Feb 8, 2016 at 11:16 PM, Ayyoob Hamza <[email protected]> wrote: > > Please make sure that when bearer tokens are used for authentication, MQTT >> runs over TLS.. >> > Just having a doubt on whether isn't this supposed to be enforced by the > client or does it needs to be enforced by the server since it supports both > the communication. > > Thanks > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
