Hi Per,
Thanks for the email, it's good to hear from people who are using
lesser used features. TLS-PSK in TLS v1.3 changed substantially and at
least the openssl implementation requires applications to use
different APIs to cope with this - which Mosquitto currently does not
do. As I recall, with TLS 1.3 still enabled some clients were having
problems connecting when using TLS-PSK, so the simplest fix was to
disable the non-functional TLS-PSK version.
Support for v1.3 TLS-PSK could go into version 2.1, I'll have to see
how it goes. It hasn't been a particular priority so far because I
have the impression that barely anybody uses TLS-PSK.
Regards,
Roger
On Fri, 25 Mar 2022 at 12:40, Per x Johansson <Per.X.Johansson@xxxxxxxx> wrote:
>
> Hi
>
>
> After upgrading to mosquitto 2.0.12, we have run into problems with clients not being able to connect to brokers that only accept TLS v1.3 when using PSK. I can see in the change log that the reason for that is this.
>
>
> "Disable TLS v1.3 when using TLS-PSK, because it isn't correctly configured."
>
>
> What I would like to understand is what "because it isn't correctly configured" actually means. Is there any way to solve it without running TLS v1.2 on the broker? Does it have any security issues for clients using the 2.0.10 version of mosquitto lib when
connection to v1.3 brokers.
>
>
> Regards,
>
> Per
>
> _______________________________________________
> mosquitto-dev mailing list
> mosquitto-dev@xxxxxxxxxxx
> To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/mosquitto-dev
_______________________________________________
mosquitto-dev mailing list
mosquitto-dev@xxxxxxxxxxx
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/mosquitto-dev