add support for tlsv1.3 ciphers

Signed-off-by: Abilio Marques <abiliojr@gmail.com>
5 years ago · c637a192a3
parent 7842323c0d
commit c637a192a3
3 changed files with 23 additions and 5 deletions
--- a/lib/mosquitto_internal.h
+++ b/lib/mosquitto_internal.h
@ -254,6 +254,7 @@ struct mosquitto {
 	int (*tls_pw_callback)(char *buf, int size, int rwflag, void *userdata);
 	char *tls_version;
 	char *tls_ciphers;
+	char *tls_13_ciphers;
 	char *tls_psk;
 	char *tls_psk_identity;
 	char *tls_engine;
--- a/lib/net_mosq.c
+++ b/lib/net_mosq.c
@ -760,6 +760,17 @@ static int net__init_ssl_ctx(struct mosquitto *mosq)
 				return MOSQ_ERR_TLS;
 			}
 		}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10101000 && !defined(LIBRESSL_VERSION_NUMBER)
+		if(mosq->tls_13_ciphers){
+			ret = SSL_CTX_set_ciphersuites(mosq->ssl_ctx, mosq->tls_13_ciphers);
+			if(ret == 0){
+				log__printf(NULL, MOSQ_LOG_ERR, "Error: Unable to set TLS 1.3 ciphersuites. Check cipher_tls13 list \"%s\".", mosq->tls_13_ciphers);
+				return MOSQ_ERR_TLS;
+			}
+		}
+#endif
+
 		if(mosq->tls_cafile || mosq->tls_capath || mosq->tls_use_os_certs){
 			ret = net__tls_load_ca(mosq);
 			if(ret != MOSQ_ERR_SUCCESS){
--- a/lib/options.c
+++ b/lib/options.c
@ -231,13 +231,19 @@ int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs, const char *tl
 		mosq->tls_version = mosquitto__strdup("tlsv1.2");
 		if(!mosq->tls_version) return MOSQ_ERR_NOMEM;
 	}
+
+	mosq->tls_ciphers = NULL;
+	mosq->tls_13_ciphers = NULL;
+
 	if(ciphers){
+		if(!strcasecmp(tls_version, "tlsv1.3")){
+			mosq->tls_13_ciphers = mosquitto__strdup(ciphers);
+			if(!mosq->tls_13_ciphers) return MOSQ_ERR_NOMEM;
+		}else{
 			mosq->tls_ciphers = mosquitto__strdup(ciphers);
 			if(!mosq->tls_ciphers) return MOSQ_ERR_NOMEM;
-	}else{
-		mosq->tls_ciphers = NULL;
 		}
-
+	}

 	return MOSQ_ERR_SUCCESS;
 #else