Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
parent
94ec27911b
commit
ae6baad2fa
@ -1,3 +1,5 @@
|
||||
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
|
||||
|
||||
1.3.2 - 2014xxxx
|
||||
================
|
||||
|
||||
|
@ -740,8 +740,9 @@
|
||||
used for this listener. Possible values are
|
||||
<replaceable>tlsv1.2</replaceable>,
|
||||
<replaceable>tlsv1.1</replaceable> and
|
||||
<replaceable>tlsv1</replaceable>. Defaults to
|
||||
<replaceable>tlsv1.2</replaceable>.</para>
|
||||
<replaceable>tlsv1</replaceable>. If left unset,
|
||||
the default of allowing all of TLS v1.2, v1.1 and
|
||||
v1.0 is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
@ -800,8 +801,9 @@
|
||||
used for this listener. Possible values are
|
||||
<replaceable>tlsv1.2</replaceable>,
|
||||
<replaceable>tlsv1.1</replaceable> and
|
||||
<replaceable>tlsv1</replaceable>. Defaults to
|
||||
<replaceable>tlsv1.2</replaceable>.</para>
|
||||
<replaceable>tlsv1</replaceable>. If left unset,
|
||||
the default of allowing all of TLS v1.2, v1.1 and
|
||||
v1.0 is used.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -171,7 +171,7 @@
|
||||
#keyfile
|
||||
|
||||
# This option defines the version of the TLS protocol to use for this listener.
|
||||
# The default value will always be the highest version that is available for
|
||||
# The default value allows v1.2, v1.1 and v1.0, if they are all supported by
|
||||
# the version of openssl that the broker was compiled against. For openssl >=
|
||||
# 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the
|
||||
# valid values are tlsv1.
|
||||
|
@ -342,13 +342,13 @@ int mqtt3_socket_listen(struct _mqtt3_listener *listener)
|
||||
if((listener->cafile || listener->capath) && listener->certfile && listener->keyfile){
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
||||
if(listener->tls_version == NULL){
|
||||
listener->ssl_ctx = SSL_CTX_new(TLSv1_2_server_method());
|
||||
listener->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
}else if(!strcmp(listener->tls_version, "tlsv1.2")){
|
||||
listener->ssl_ctx = SSL_CTX_new(TLSv1_2_server_method());
|
||||
}else if(!strcmp(listener->tls_version, "tlsv1.1")){
|
||||
listener->ssl_ctx = SSL_CTX_new(TLSv1_1_server_method());
|
||||
}else if(!strcmp(listener->tls_version, "tlsv1")){
|
||||
listener->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
listener->ssl_ctx = SSL_CTX_new(TLSv1_server_method());
|
||||
}
|
||||
#else
|
||||
listener->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
||||
|
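Review bot: The default branch (`listener->tls_version == NULL`) now builds the context with `SSLv23_server_method()`, which negotiates every protocol version the linked OpenSSL supports, not only TLS v1.0 to v1.2. Nothing visible in this hunk disables the older SSL protocols, so depending on the OpenSSL build a listener with no `tls_version` set may also accept SSLv3 (and SSLv2 on old builds), which contradicts the commit title and the updated documentation. After the context is created and checked for NULL, I would add `SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, and apply the same to the `#else` branch, which also uses `SSLv23_server_method()`. mqtt3_socket_listen continues outside the hunk, so this may already be done further down; if it is, a short comment at the `SSLv23_server_method()` call pointing to it would help.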