yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #9493 from lafirest/fix/psk_v4.4 

fix(psk): add more PSK ciphers support
This commit is contained in:
lafirest 2022-12-09 16:10:51 +08:00 committed by GitHub
parent 925787bc59 a01301a985
commit e3ed682e8d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
apps/emqx_psk_file/test/emqx_psk_file_SUITE.erl
View File

@ -74,7 +74,10 @@ do_emqtt_connect(Cipher) ->
psk_ciphers() -> psk_ciphers() ->
["RSA-PSK-AES256-GCM-SHA384","RSA-PSK-AES256-CBC-SHA384", ["RSA-PSK-AES256-GCM-SHA384","RSA-PSK-AES256-CBC-SHA384",
"RSA-PSK-AES128-GCM-SHA256","RSA-PSK-AES128-CBC-SHA256", "RSA-PSK-AES128-GCM-SHA256","RSA-PSK-AES128-CBC-SHA256",
"RSA-PSK-AES256-CBC-SHA","RSA-PSK-AES128-CBC-SHA"]. "RSA-PSK-AES256-CBC-SHA","RSA-PSK-AES128-CBC-SHA",
"PSK-AES256-GCM-SHA384","PSK-AES128-GCM-SHA256",
"PSK-AES256-CBC-SHA384","PSK-AES256-CBC-SHA",
"PSK-AES128-CBC-SHA256","PSK-AES128-CBC-SHA"].
ssl_opts(Cipher) -> ssl_opts(Cipher) ->
TlsFile = fun(Name) -> TlsFile = fun(Name) ->

2
changes/v4.4.12-en.md
View File

@ -2,6 +2,8 @@
- Upgrade http client library `ehttpc` from `0.2.1` to `0.4.2` [#9456](https://github.com/emqx/emqx/pull/9456). - Upgrade http client library `ehttpc` from `0.2.1` to `0.4.2` [#9456](https://github.com/emqx/emqx/pull/9456).
- Add more PSK ciphers support [#9493](https://github.com/emqx/emqx/pull/9493).
### Bug Fixes ### Bug Fixes
- Fixed load bootstrap file when no bootstrap user in `mqtt_app` [#9474](https://github.com/emqx/emqx/pull/9474). - Fixed load bootstrap file when no bootstrap user in `mqtt_app` [#9474](https://github.com/emqx/emqx/pull/9474).

2
changes/v4.4.12-zh.md
View File

@ -2,6 +2,8 @@
- HTTP 客户端库 `ehttpc``0.2.1` 升级到 `0.4.2` [#9456](https://github.com/emqx/emqx/pull/9456)。 - HTTP 客户端库 `ehttpc``0.2.1` 升级到 `0.4.2` [#9456](https://github.com/emqx/emqx/pull/9456)。
- 支持更多的 PSK 密码套件[#9493](https://github.com/emqx/emqx/pull/9493)。
### 修复 ### 修复
- 修复 mqtt_app 表内没有 boostrap user 里未导入用户的问题 [#9474](https://github.com/emqx/emqx/pull/9474). - 修复 mqtt_app 表内没有 boostrap user 里未导入用户的问题 [#9474](https://github.com/emqx/emqx/pull/9474).

11
priv/emqx.schema
View File

@ -2290,12 +2290,15 @@ end}.
%% In erlang, we only support the following PSK ciphers (ssl_cipher:psk_suites(3)) %% In erlang, we only support the following PSK ciphers (ssl_cipher:psk_suites(3))
AvaiableCiphers = ["RSA-PSK-AES256-GCM-SHA384","RSA-PSK-AES256-CBC-SHA384", AvaiableCiphers = ["RSA-PSK-AES256-GCM-SHA384","RSA-PSK-AES256-CBC-SHA384",
"RSA-PSK-AES128-GCM-SHA256","RSA-PSK-AES128-CBC-SHA256", "RSA-PSK-AES128-GCM-SHA256","RSA-PSK-AES128-CBC-SHA256",
"RSA-PSK-AES256-CBC-SHA","RSA-PSK-AES128-CBC-SHA" "RSA-PSK-AES256-CBC-SHA","RSA-PSK-AES128-CBC-SHA",
%% The below ciphers are supported
%% But they aren't visible in `ssl:cipher_suites`
"PSK-AES256-GCM-SHA384","PSK-AES128-GCM-SHA256",
"PSK-AES256-CBC-SHA384","PSK-AES256-CBC-SHA",
"PSK-AES128-CBC-SHA256","PSK-AES128-CBC-SHA"
], ],
%% Compatible with legacy PSK Cipher strings %% Compatible with legacy PSK Cipher strings
PskMapping = fun("PSK-AES128-CBC-SHA") -> {true, "RSA-PSK-AES128-CBC-SHA"}; PskMapping = fun("PSK-3DES-EDE-CBC-SHA") -> {true, "PSK-3DES-EDE-CBC-SHA"};
("PSK-AES256-CBC-SHA") -> {true, "RSA-PSK-AES256-CBC-SHA"};
("PSK-3DES-EDE-CBC-SHA") -> {true, "PSK-3DES-EDE-CBC-SHA"};
("PSK-RC4-SHA") -> {true, "PSK-RC4-SHA"}; ("PSK-RC4-SHA") -> {true, "PSK-RC4-SHA"};
(C) -> case lists:member(C, AvaiableCiphers) of (C) -> case lists:member(C, AvaiableCiphers) of
true -> {true, C}; true -> {true, C};