Fix DH group not being set for TLS connections.
This meant ciphers using DHE couldn't be used.

Closes eclipse#1925. Closes eclipse#1476. Thanks to Jonathan Sönnerup, Valerii
Demeshko, and sectokia.
ralight authored and fAuernigg committed Jan 4, 2021
1 parent 2729966 commit d44d04e
Showing 2 changed files with 5 additions and 0 deletions.
2 changes: 2 additions & 0 deletions ChangeLog.txt
@@ -1,6 +1,8 @@
Broker:
- Fix websockets connections on Windows blocking subsequent connections.
Closes #1934.
- Fix DH group not being set for TLS connections, which meant ciphers using
DHE couldn't be used. Closes #1925. Closes #1476.

Apps:
- Fix `mosquitto_passwd -U`
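Review bot: The new Broker entry does not say that the fix takes effect only when the broker is built against OpenSSL 1.1.0 or later, which is what the `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` guard in src/net.c implies. Consider adding that condition to the entry, so operators on older OpenSSL builds do not expect DHE cipher suites to start negotiating after upgrading.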
3 changes: 3 additions & 0 deletions src/net.c
Expand Up @@ -373,6 +373,9 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
#endif
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);
#endif

#ifdef SSL_OP_NO_RENEGOTIATION
SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);
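Review bot: The added `SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);` is compiled only when `OPENSSL_VERSION_NUMBER >= 0x10100000L`, so a build against an older OpenSSL still gets no DH group and DHE ciphers stay unusable there, silently. Suggest an `#else` branch that either sets DH parameters explicitly or logs that DHE is unavailable in this build. The return value of the call is also discarded; checking it and logging on failure would make a listener that cannot offer DHE visible at startup instead of only at handshake time. A short comment above the block explaining why the call is needed (without it no DHE cipher can be selected) would help future readers.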