lib: Fix DH group not being set for TLS connections.
This meant ciphers using DHE couldn't be used.

Closes eclipse#1925. Closes eclipse#1476. Thanks to Jonathan Sönnerup, Valerii
Demeshko, and sectokia.
ralight authored and fAuernigg committed Jan 4, 2021
1 parent d44d04e commit 74daa6d
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions ChangeLog.txt
Expand Up @@ -4,6 +4,10 @@ Broker:
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.

Client library:
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.

Apps:
- Fix `mosquitto_passwd -U`
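
Review bot: the new "Client library" entry does not say that the fix depends on the OpenSSL version, although the matching change in lib/net_mosq.c is wrapped in `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`. Adding a qualifier such as "when built against OpenSSL 1.1.0 or later" would tell users of older builds that DHE ciphers are still unavailable to them, instead of leaving them to find out from a failed handshake.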

4 changes: 4 additions & 0 deletions lib/net_mosq.c
Expand Up @@ -715,6 +715,10 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
return MOSQ_ERR_INVAL;
}

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
/* Allow use of DHE ciphers */
SSL_CTX_set_dh_auto(mosq->ssl_ctx, 1);
#endif
/* Disable compression */
SSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_COMPRESSION);
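
Review bot: the added `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` block has no `#else` branch, so a build against an older OpenSSL goes through net__init_ssl_ctx() with no DH setup and no log message, and the behaviour this commit fixes remains in place there without any indication. Consider an `#else` that either configures DH parameters another way or at least carries a comment or log line stating that DHE ciphers are not available in that build. The result of `SSL_CTX_set_dh_auto(mosq->ssl_ctx, 1);` is also discarded, whereas the code just above returns MOSQ_ERR_INVAL on failure; checking it, or casting to void with a short comment on why it can be ignored, would make the intent explicit.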
