MQTTS: mosquitto broker doesn't use all cipher suites from OpenSSL #1925
I've been looking into this and see the same as you, but so far I can't see what the difference is between what mosquitto uses and what
I think mosquitto is missing use of SSL_CTX_set_dh_auto; the default is off, so no DH is supported. Somewhere in
Thanks @sectokia, that does indeed seem to fix it.
fAuernigg pushed a commit to fAuernigg/mosquitto that referenced this issue Jan 4, 2021
This meant ciphers using DHE couldn't be used. Closes eclipse#1925. Closes eclipse#1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
In continuation of the DHE support issue, I found a new one. It seems mosquitto doesn't use OpenSSL fully.
It can't launch the broker with some cipher suites that are available in the installed version of OpenSSL. During launch, I see errors:
At the same time, I can bring up an OpenSSL server (TCP socket with security) with the command:
openssl s_server -cert device.crt -key device.key -accept 1885 -cipher DHE-RSA-CHACHA20-POLY1305 -verify 1 -CAfile rootCA_chain.pem -tls1_2
To launch the mosquitto broker I've used this config:
Setup: Ubuntu 16.04 with official deb packages:
mosquitto version 1.4.8 (build date Tue, 18 Jun 2019)
OpenSSL 1.1.1a 20 Nov 2018
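As an added example (not part of the original issue or of the mosquitto code base): a small Python check that parses `openssl ciphers -v` output and reports which entries of a colon-separated cipher list use finite-field DHE key exchange, and so depend on the server enabling DH parameters as discussed in this thread. The sample output and the `NOT-A-SUITE` entry are constructed, and only explicit suite names are handled, not keywords such as `HIGH`.

```python
"""Added example: find DHE-dependent entries in a TLS cipher list."""

# Constructed sample in the column layout printed by `openssl ciphers -v`.
SAMPLE_CIPHERS_V = """\
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
"""

# Key-exchange labels that mean ephemeral finite-field Diffie-Hellman.
DH_KX = {"DH", "DHEPSK"}


def parse_ciphers_v(text):
    """Return {suite_name: {"proto": ..., "Kx": ..., "Au": ..., ...}}."""
    suites = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed lines
        info = {"proto": fields[1]}
        for attr in fields[2:]:
            key, sep, value = attr.partition("=")
            if sep:
                info[key] = value
        suites[fields[0]] = info
    return suites


def audit_cipher_list(configured, available):
    """Group the suites named in `configured` by their dependence on DH."""
    report = {"needs_dh_params": [], "usable_without_dh": [], "unknown": []}
    for name in filter(None, (c.strip() for c in configured.split(":"))):
        info = available.get(name)
        if info is None:
            report["unknown"].append(name)  # not offered by this OpenSSL
        elif info.get("Kx") in DH_KX:
            report["needs_dh_params"].append(name)
        else:
            report["usable_without_dh"].append(name)
    return report


if __name__ == "__main__":
    available = parse_ciphers_v(SAMPLE_CIPHERS_V)
    wanted = "DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:NOT-A-SUITE"
    for group, names in audit_cipher_list(wanted, available).items():
        print(f"{group}: {', '.join(names) or '-'}")
```

To check a real host, pass the output of `openssl ciphers -v` from that host to `parse_ciphers_v` in place of the constructed sample.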