yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(psk): Add more PSK ciphers support

This commit is contained in:
firest 2022-12-07 19:00:46 +08:00
parent 6ae289e33b
commit 21a908167d
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
apps/emqx/src/emqx_tls_lib.erl
View File

@ -166,7 +166,20 @@ all_ciphers(['tlsv1.3']) ->
all_ciphers(Versions) -> all_ciphers(Versions) ->
%% assert non-empty %% assert non-empty
List = lists:append([ssl:cipher_suites(all, V, openssl) || V <- Versions]), List = lists:append([ssl:cipher_suites(all, V, openssl) || V <- Versions]),
[_ | _] = dedup(List).
%% Some PSK ciphers are both supported by OpenSSL and Erlang, but they need manual add here.
%% Found by this cmd
%% openssl ciphers -v|grep ^PSK| awk '{print $1}'| sed "s/^/\"/;s/$/\"/" | tr "\n" ","
%% Then remove the ciphers that aren't supported by Erlang
PSK = [
"PSK-AES256-GCM-SHA384",
"PSK-AES128-GCM-SHA256",
"PSK-AES256-CBC-SHA384",
"PSK-AES256-CBC-SHA",
"PSK-AES128-CBC-SHA256",
"PSK-AES128-CBC-SHA"
],
[_ | _] = dedup(List ++ PSK).
%% @doc All Pre-selected TLS ciphers. %% @doc All Pre-selected TLS ciphers.
default_ciphers() -> default_ciphers() ->