Mosquitto has no option to configure TLS 1.3 cipher suites.

[valentindimov]

When the broker or client library are set to use TLS 1.3, it seems the ciphers option doesn't affect which TLS 1.3 cipher suites are used at all, and in fact throws an error if a string like "TLS_AES_128_GCM_SHA256" is given.

Looking through the code (src/net.c in particular), I can see the library makes the call to SSL_CTX_set_cipher_list(). According to the OpenSSL manual (https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_ciphersuites.html), this call is only meant for TLS 1.2 and below. For TLS 1.3, the correct call would be SSL_CTX_set_ciphersuites().

As a proposed fix, listener -> tls_version can be used to check if TLS 1.3 is used, and if so, SSL_CTX_set_ciphersuites() can be called instead of SSL_CTX_set_cipher_list().

[ralight]

I've now added the ciphers_tls1.3 option to handle this. Thanks for reporting :)

[umorelli]

@ralight This fix should also solve #1283. Unfortunatly, I tried but I was still not able to enforce a specific TLS 1.3 cipher.

Steps to test with respect to test.mosquitto.org:

• Access the eclipse-mosquitto:2-openssl Docker container with docker exec -it <container-id> sh and download the mosquitto.org.crt CA file with wget https://test.mosquitto.org/ssl/mosquitto.org.crt

• Use the Alpine packet manager to update the packets list, upgrade installed packets, install openssl and use it to get a list of locally supported TLS 1.3 ciphers:

  • apk update && apk upgrade && apk add openssl
  • openssl ciphers -s -tls1_3

• Working command: mosquitto_pub -h test.mosquitto.org -p 8883 --cafile mosquitto.org.crt -t "Ciphers_TEST" -m "Message" --tls-version tlsv1.3 (verified with Wireshark the use of TLS_AES_256_GCM_SHA384)

• Not working command: mosquitto_pub -h test.mosquitto.org -p 8883 --cafile mosquitto.org.crt -t "Ciphers_TEST" -m "Message" --tls-version tlsv1.3 --ciphers TLS_AES_128_GCM_SHA256 (returns Unable to connect (A TLS error occurred.).)

An error ('No cipher can be selected.',) is also provided if I specify a TLS 1.3 cipher (e.g., TLS_AES_128_GCM_SHA256) with paho-mqtt as follows - but works with TLS 1.2 ciphers.

client.tls_set('mosquitto.org.crt',
       None,
       None,
       cert_reqs=ssl.CERT_REQUIRED,
       tls_version=ssl.PROTOCOL_TLS,
       ciphers="TLS_AES_128_GCM_SHA256")

According to Testssl, test.mosquitto.org should support the following TLS 1.3 ciphers: TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_128_GCM_SHA256.

I tried also locally (eclipse-mosquitto:2-openssl Docker container and self-signed certificates and keys) with the following Mosquitto configuration. If i force the TLS 1.3 cipher, paho-mqtt provides always the same error, while if I remove the ciphers param from tls_set and verify with Wireshark, the selected CipherSuite is TLS_AES_256_GCM_SHA384 (as reported in #1283).

listener 8883
tls_version tlsv1.3
ciphers_tls1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
allow_anonymous true

cafile certs/ca.crt
certfile certs/server.crt
keyfile certs/server.key

require_certificate true