Fix DH group not being set for TLS connections.

This meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
eclipse · Dec 9, 2020 · e81216c · e81216c
1 parent d429c54
commit e81216c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/ChangeLog.txt b/ChangeLog.txt
@@ -1,5 +1,7 @@
 Broker:
 - Fix crash on Windows if loading a plugin fails. Closes #1866.
+- Fix DH group not being set for TLS connections, which meant ciphers using
+ DHE couldn't be used. Closes #1925. Closes #1476.
 - Fix listener not being reassociated with client when reloading a persistence
  file and `per_listener_settings true` is set and the client did not set a
  username. Closes #1891.

diff --git a/src/net.c b/src/net.c
@@ -369,6 +369,9 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
  SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
 #endif
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);
+#endif
 
 #ifdef SSL_OP_NO_RENEGOTIATION
  SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);