Hi Chris,
in the documentation for the SSL options structure,
(https://www.eclipse.org/paho/files/mqttdoc/Cclient/struct_m_q_t_t_client___s_s_l_options.html)
there is the enabledCipherSuites option, which points to the OpenSSL
documentation:
For a full explanation of the cipher list format, please see
the OpenSSL on-line documentation: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
If this setting is ommitted, its default value will be "ALL"
- ALL
-
all cipher suites except the eNULL
ciphers which must be explicitly enabled;
as of OpenSSL, the ALL
cipher suites are reasonably ordered by default
Also in the OpenSSL Cipher Suites section there is:
TLSv1.2,
TLSv1, SSLv3
-
TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively.
Note:
there are no ciphersuites specific to TLS v1.1.
So, you should be able to use
sslopts.enabledCipherSuites = "TLSv1.2";
for instance.
Ian
On 02/04/2015 10:49 AM, Chris Summer
wrote:
Hi all,
I am trying to use a SSL connection with the PAHO C Client. It
seems as if I just miss something!
When Using the Python API, I can use tls_version=....
In the Documentation for the C API I don't find anything
comparable.
I have set connection_options.serverURIs="ssl://mybroker:8883"
and the client tries to connect to the mosquitto broker, which
logs:
SSL23_GET_CLIENT_HELLO:unknown protocol.
Which was the same Error I got when not specifying the tls
protocol version in Python. Is there any way in the C API to set
the SSL/TLS Version?
Did I miss anything else?
Cheers,
Chris
_______________________________________________
paho-dev mailing list
paho-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/paho-dev
--
Ian Craggs
icraggs@xxxxxxxxxx IBM United Kingdom
Paho Project Lead; Committer on Mosquitto
|