-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update openSSL to v3.x #2779
Comments
Good points. |
Hi @ralight if I install Mosquitto 2.0.15 on Ubuntu 22.04 that comes with OpenSSL 3.0.2 ... this means it's incompatible and I should install an older version of Ubuntu that comes with OpenSSL 1.1.1? I'm having a problem with some devices trying to connect Mosquitto 2.0.15. The problem is that they can't achieve the connection using TLS 1.1 (the devices are deployed and impossible to update). Even setting
Connecting with TLS 1.2 I can connect, but when forcing TLS 1.1 I can't ... Not sure if this is a bug with the Sorry for piggybacking this issue report but I think this is related to the problem I'm having. |
Found it! For everyone struggling with my same issue in Ubuntu 22.04, adding the following line in
SECLEVEL changed from 2 to 0. For reference: https://www.openssl.org/docs/man3.1/man3/SSL_CTX_set_security_level.html
EDIT: Found a better way of handling this. It's possible to configure this directly inside
|
Dear all, I would like to use new OpenSSL providers with Mosquitto as engines are deprecated in OpenSSL 3.0. So i configured my provider in OpenSSL's config file but connecting a client to Mosquitto leads to an error Thank you |
When using this is a build I'm getting multiple Warnings " is deprecated: Since OpenSSL 3.0 " |
You can build mosquitto with OPENSSL_NO_ENGINE to rid of warnings related to openssl deprecated functions. |
ubuntu 22.04 and OpenSSL 3.0.2 and mosquitto version 2.0.11 any better ideas ? root@server:~# sudo systemctl start mosquitto |
any updates? just to let us know the plan if Mosquitto will support OpenSSL 3.0.2 or we need 3.1 ? stuck here, Ubuntu 22.04 server will not accept client certificate, no matter which way i create it. Please acknowledge the bug, even if you are working on a fix, and an estimated time to fix. appreciated |
Facing same issue on Windows machine as well. Any update whether this would be getting fixed in upcoming release's ? |
If it's just about silencing the warnings, setting the OpenSSL API version compatibility macro OPENSSL_API_COMPAT to OpenSSL 1.1 is probably the cleaner approach, as |
Eclipse Mosquittov2.0.15 uses openSSLv1.1.1q and it is close to the End Of Life .
openSSL1.1.1q is not the latest version for the 1.1.1 branch, it is 1.1.1u. There have been multiple security vulnerabilities reported and fixed in the versions between 1.1.1q and 1.1.1u. The change log from OpenSSL
This is a request to update to openSSLv3.x due to Cybersecurity.
Note: The latest stable version is the openSSLv3.1 series supported until 14th March 2025. Also available is the 3.0 series which is a Long Term Support (LTS) version and is supported until 7th September 2026. The previous LTS version (the 1.1.1 series) is also available and is supported until 11th September 2023.
The text was updated successfully, but these errors were encountered: