Broker security works with basic authentication over one-way SSL authentication.

Whether you implement basic authentication with one-way SSL authentication or two-way SSL authentication, a client authenticates the identity of the Broker Server using the Broker Server’s SSL certificate, and the client connection is made using basic authentication. You can optionally encrypt this connection through settings on the client for higher security.

In order to use SSL encryption with basic authentication, you only need to specify a truststore and not a keystore.

Clients can access any Broker object protected by an ACL, as long as that client's basic authentication identity is listed in the object's ACL.