Support for ECDHE-ECDSA family ciphers.
parent
40818619fd
commit
fb7dd42e5d
@ -1,4 +1,6 @@
|
||||
Broker:
|
||||
- Default TLS mode now accepts TLS v1.2, v1.1 and v1.0.
|
||||
- Support for ECDHE-ECDSA family ciphers.
|
||||
|
||||
Clients:
|
||||
- Both clients can now load default configuration options from a file.
|
||||
|
16
src/net.c
16
src/net.c
@ -256,6 +256,9 @@ static int _mosquitto_tls_server_ctx(struct _mqtt3_listener *listener)
|
||||
int ssl_options = 0;
|
||||
char buf[256];
|
||||
int rc;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
|
||||
EC_KEY *ecdh = NULL;
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10001000L
|
||||
if(listener->tls_version == NULL){
|
||||
@ -291,6 +294,19 @@ static int _mosquitto_tls_server_ctx(struct _mqtt3_listener *listener)
|
||||
/* Use even less memory per SSL connection. */
|
||||
SSL_CTX_set_mode(listener->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
||||
SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
|
||||
#elif OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L
|
||||
ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
||||
if(!ecdh){
|
||||
_mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to create TLS ECDH curve.");
|
||||
return 1;
|
||||
}
|
||||
SSL_CTX_set_tmp_ecdh(listener->ssl_ctx, ecdh);
|
||||
EC_KEY_free(ecdh);
|
||||
#endif
|
||||
|
||||
snprintf(buf, 256, "mosquitto-%d", listener->port);
|
||||
SSL_CTX_set_session_id_context(listener->ssl_ctx, (unsigned char *)buf, strlen(buf));
|
||||
|
||||
|
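Review bot: The return value of `SSL_CTX_set_tmp_ecdh()` in the `#elif` branch is discarded, so if OpenSSL rejects the key the listener comes up with no ECDH parameters and the ECDHE suites this commit is meant to enable would silently fail to negotiate, while the only failure actually reported is the `EC_KEY_new_by_curve_name()` one. Mirror that handling: `if(SSL_CTX_set_tmp_ecdh(listener->ssl_ctx, ecdh) != 1){ EC_KEY_free(ecdh); _mosquitto_log_printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS ECDH curve."); return 1; }`, and apply the same `!= 1` check to `SSL_CTX_set_ecdh_auto()` in the 1.0.2 branch. For the pre-1.0.2 path, the single `EC_KEY` installed on the context is reused across handshakes unless `SSL_OP_SINGLE_ECDH_USE` is set; `ssl_options` is declared in the first hunk but the line that applies it is outside this view, so confirm that flag is OR-ed in, otherwise the "ephemeral" in ECDHE is weaker than the changelog suggests. The `&& OPENSSL_VERSION_NUMBER < 0x10002000L` on the `#elif` is redundant because the preceding `#if` already took the `>= 0x10002000L` case. `_mosquitto_tls_server_ctx` starts and ends outside the hunk, so whether the `return 1` path leaks `listener->ssl_ctx` cannot be judged from here.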