Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client: option --ciphers is ignored (if not together with --tls-version) #380

Closed
zarnovican opened this issue Feb 15, 2017 · 1 comment
Closed

client: option --ciphers is ignored (if not together with --tls-version) #380

zarnovican opened this issue Feb 15, 2017 · 1 comment
Labels
Component: mosquitto-clients Type: Bug
Milestone
1.4.11

Comments

@zarnovican
Copy link

In Mosquitto client, if you specify option --ciphers <foo>, client will still offer the full set of available cipher suites to the TLS server (verified by Wireshark).

To make --ciphers option work, you also have to specify option --tls-version (https://github.com/eclipse/mosquitto/blob/master/client/client_shared.c#L693). This is not apparent from the documentation or command output, making it a poor user experience.

I would suggest one (or more) of the following:

  • update doc: add a comment to man page (and inline help). Currently it's just
       --ciphers
           An openssl compatible list of TLS ciphers to support in the client. See ciphers(1) for more information.
  • code change: print a warning when --ciphers is specified without --tls-version
  • code change: accept and set ciphers ever even if no --tls-version was specified
ralight added a commit that referenced this issue Feb 15, 2017
@ralight
Use of --ciphers no longer requires you to also pass --tls-version.
10c8975 
Closes #380.

Bug: #380
@ralight ralight added this to the fixes-next milestone Feb 15, 2017
@ralight
Copy link
Contributor

ralight commented Feb 15, 2017

Thanks very much, the most sensible option is to allow --ciphers on its own. That's what I've just committed.

@ralight ralight closed this as completed Feb 15, 2017
ralight added a commit that referenced this issue Feb 20, 2017
@ralight
Use of --ciphers no longer requires you to also pass --tls-version.
cac5464 
Closes #380.

Bug: #380
@lock lock bot locked as resolved and limited conversation to collaborators Aug 8, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Component: mosquitto-clients Type: Bug
Projects
None yet
Milestone
1.4.11
Development

No branches or pull requests
2 participants
@ralight @zarnovican