Fix DH group not being set for TLS connections.

This meant ciphers using DHE couldn't be used. Closes #1925. Closes #1476. Thanks to Jonathan Sönnerup, Valerii Demeshko, and sectokia.
2025-05-09 01:01:11 +08:00 · 2020-12-09 15:40:45 +00:00 · 2020-12-09 15:40:45 +00:00 · b7f0161f52
commit b7f0161f52
parent 0d3512144f
2 changed files with 5 additions and 0 deletions
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@ -1,6 +1,8 @@
 Broker:
 - Fix websockets connections on Windows blocking subsequent connections.
  Closes #1934.
+- Fix DH group not being set for TLS connections, which meant ciphers using
+  DHE couldn't be used. Closes #1925. Closes #1476.

 Apps:
 - Fix `mosquitto_passwd -U`
--- a/src/net.c
+++ b/src/net.c
@ -373,6 +373,9 @@ int net__tls_server_ctx(struct mosquitto__listener *listener)
 	SSL_CTX_set_ecdh_auto(listener->ssl_ctx, 1);
 #endif
 #endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	SSL_CTX_set_dh_auto(listener->ssl_ctx, 1);
+#endif

 #ifdef SSL_OP_NO_RENEGOTIATION
 	SSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);