Re: [mosquitto-dev] DH parameters support

Hello

Remember that when using DH, the first thing to do is to generate a set of DH parameters on your system (4096-bit is the best choice).

As defined in the mosquitto.conf documentation:
ciphers cipher:list

The list of allowed ciphers, each separated with a colon. Available ciphers can be obtained using the "openssl ciphers" command.


Can you explicitly set your desired cipher suite and check?

Just a final solution that has helped me in the past. If you have issues like this, remember that you can delegate the whole TLS part to other, more specialized software such as stunnel, which forwards the traffic to mosquitto once the connection is successful; in this case you must keep mosquitto available only for internal connections.

Regards,
Mohamed Hamzaoui

On 18 Feb 2019 at 18:29, Luca Tavanti <luca.tavanti@xxxxxxxxxxxx> wrote:

Hi everyone,

I was wondering whether Mosquitto supports the use of DHE-RSA ciphers.
In fact I'm not able to establish a connection when using e.g. DHE-RSA-AES256-SHA (but the same seems to occur for all DHE-RSA-* ciphers).
The underlying openssl works fine (tested with s_server and s_client).

I've read on openssl documentation that DHE-RSA needs some DH params to be set up in advance.

However I can't find any info on mosquitto docs about that.
Also, I wasn't able to find any calls to SSL_CTX_set_tmp_dh() in the code.

Can you please confirm support for DHE-RSA?
And in that case point me to some life-saving info?

Thank you in advance
Luca
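
The stunnel delegation suggested in the reply above, sketched as an added configuration example (not part of the original thread or of the mosquitto project; the service name, ports and file paths are assumptions):

```ini
; stunnel.conf -- constructed example, all paths are placeholders

[mqtts]
; TLS endpoint that MQTT clients connect to
accept = 0.0.0.0:8883

; Plaintext hop to mosquitto on loopback only
connect = 127.0.0.1:1883

; Server certificate and private key (placeholder paths)
cert = /etc/stunnel/broker-cert.pem
key = /etc/stunnel/broker-key.pem

; Restrict to the DHE-RSA suite from the question; names follow
; the "openssl ciphers" syntax
ciphers = DHE-RSA-AES256-SHA

; Static DH parameters, if wanted: the stunnel manual describes
; appending them to the cert file, e.g.
;   openssl dhparam 4096 >> /etc/stunnel/broker-cert.pem
```

On the mosquitto side, a plain listener bound to loopback (for example `listener 1883 127.0.0.1` in mosquitto.conf) keeps the broker reachable only through stunnel.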




