From 759b1dacdfdf2e8602bfe1481b08ec0e3b7c8941 Mon Sep 17 00:00:00 2001 From: JianBo He Date: Thu, 31 Mar 2022 11:55:48 +0800 Subject: [PATCH] chore(schema): check tls_version if psk_cipher configured --- priv/emqx.schema | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/priv/emqx.schema b/priv/emqx.schema index 22c91ab7c..a1cf2a97b 100644 --- a/priv/emqx.schema +++ b/priv/emqx.schema @@ -2100,7 +2100,14 @@ end}. {TLSCiphers, undefined} -> SplitFun(TLSCiphers); {undefined, PSKCiphers} -> - MapPSKCiphers(SplitFun(PSKCiphers)); + case Versions == undefined orelse lists:member('tlsv1.3', Versions) of + true -> + cuttlefish:invalid( + Prefix++".tls_versions cannot contain tlsv1.3 " + "if "++Prefix++".psk_ciphers is configured"); + _ -> + MapPSKCiphers(SplitFun(PSKCiphers)) + end; {_TLSCiphers, _PSKCiphers} -> cuttlefish:invalid(Prefix++".ciphers and "++Prefix++".psk_ciphers cannot be configured at the same time") end,