Fix DH group not being set for TLS connections.

This meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
5 years ago · e81216c172
parent d429c54130
commit e81216c172
2 changed files with 5 additions and 0 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,5 +1,7 @@
 Broker:
 - Fix crash on Windows if loading a plugin fails. Closes #1866.
+- Fix DH group not being set for TLS connections, which meant ciphers using
+  DHE couldn't be used. Closes #1925. Closes #1476.
 - Fix listener not being reassociated with client when reloading a persistence
  file and `per_listener_settings true` is set and the client did not set a
  username. Closes #1891.
--- a/src/net.c
+++ b/src/net.c
@ -369,6 +369,9 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
 	SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
 #endif
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);
+#endif

 #ifdef SSL_OP_NO_RENEGOTIATION
 	SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);