Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [paho-dev] Using for running Paho tests

Hi Ian,

That's great, it makes a lot of sense. Having a separate broker
instance for testing is definitely a good idea as well! We should
probably move the ports the tests use so that they don't use 8883 to
avoid potential future problems if we allow TLS connections on

Mosquitto uses the default ciphers that openssl makes available. You
can see this list with "openssl ciphers -v", or "openssl ciphers -v
'DEFAULT:!aNULL:!eNULL", which is confusingly the set of options that
are used by default.

ADH-DES-CBC-SHA is part of the aNULL (null authentication, as you say)
cipher group so it isn't available by default. You can configure the
available ciphers with the "ciphers" option in the config file, but
you'd also have to argue quite hard to convince me that providing
support for weak anonymous ciphers was a good idea. I'm inclined to
disable more weak ciphers by default, as discussed in this Python bug



On Fri, Aug 9, 2013 at 4:51 PM, Ian Craggs
<icraggs@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi Roger,
> Benjamin is happy for us to use to run an MQTT server to run
> Paho tests against.  The tests use a variety of SSL configuration on four
> ports (currently 8883 to 8886) in addition to 1883.
> We could use the same instance of Mosquitto as is running now, or a separate
> instance for added stability.   I just imagined that random use of the
> sandbox server could interfere with the Paho tests, and that a separate
> instance would give us more reliable tests.
> What do you think?
> Ian
> P.S.  My SSL C client tests are working against Mosquitto with the exception
> of anonymous ciphers (attempting to use ADH-DES-CBC-SHA). Anything special
> to consider?

Back to the top