client: option --ciphers is ignored (if not together with --tls-version) #380

Closed
zarnovican opened this Issue Feb 15, 2017 · 1 comment


In the Mosquitto client, if you specify the option --ciphers <foo>, the client will still offer the full set of available cipher suites to the TLS server (verified by Wireshark).

To make --ciphers option work, you also have to specify option --tls-version (https://github.com/eclipse/mosquitto/blob/master/client/client_shared.c#L693). This is not apparent from the documentation or command output, making it a poor user experience.

I would suggest one (or more) of the following:

  • update doc: add a comment to man page (and inline help). Currently it's just
       --ciphers
           An openssl compatible list of TLS ciphers to support in the client. See ciphers(1) for more information.
  • code change: print a warning when --ciphers is specified without --tls-version
  • code change: accept and set ciphers even if no --tls-version was specified
ralight Feb 15, 2017

Contributor

Thanks very much, the most sensible option is to allow --ciphers on its own. That's what I've just committed.
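One way to confirm that a cipher restriction actually reaches the wire, as the reporter did with Wireshark, is to read the `cipher_suites` vector out of the ClientHello. The following is an added example, not code from Mosquitto or from this thread: it uses Python's OpenSSL-backed `ssl` module as a stand-in client, and the cipher string and the `broker.example` name are assumptions chosen for illustration.

```python
import ssl
import struct

def offered_cipher_suites(record):
    """Return the cipher suite code points offered in a TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    msg = record[5:5 + rec_len]
    # Handshake header (4) + client_version (2) + random (32), then session_id.
    pos = 4 + 2 + 32
    if len(msg) != rec_len or len(msg) <= pos or msg[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    pos += 1 + msg[pos]  # skip the length-prefixed session_id
    if len(msg) < pos + 2:
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack("!H", msg[pos:pos + 2])
    suites = msg[pos + 2:pos + 2 + n]
    if n % 2 or len(suites) != n:
        raise ValueError("malformed cipher_suites vector")
    return [code for (code,) in struct.iter_unpack("!H", suites)]

def client_hello_for(cipher_list=None):
    """Capture the ClientHello an OpenSSL-backed client emits, without a network."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # OpenSSL configures TLS 1.3 suites separately from the cipher list, so cap
    # the version to keep the comparison about the cipher list alone.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if cipher_list:
        ctx.set_ciphers(cipher_list)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "broker.example" is a placeholder SNI name; nothing is resolved or contacted.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="broker.example")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written, no server reply exists
    return outgoing.read()

if __name__ == "__main__":
    wanted = "ECDHE-RSA-AES128-GCM-SHA256"  # example cipher string, not from the issue
    for label, ciphers in (("default", None), (wanted, wanted)):
        codes = offered_cipher_suites(client_hello_for(ciphers))
        print(label, len(codes), [hex(c) for c in codes])
```

To check a real client, pass the first TLS record it sends (exported from a packet capture) to `offered_cipher_suites` and compare the result with the list you configured.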
