mirror of https://github.com/arendst/Tasmota.git
Merge pull request #6077 from s-hadinger/tls_force_ec2
Fix Force Elliptic Curve for Letsencrypt TLS #6042
This commit is contained in:
commit
166906f308
|
@ -40,7 +40,7 @@ uint32_t *stack_thunk_light_save = NULL; /* Saved A1 while in BearSSL */
|
|||
uint32_t stack_thunk_light_refcnt = 0;
|
||||
|
||||
//#define _stackSize (5600/4)
|
||||
#ifdef USE_MQTT_AWS_IOT
|
||||
#if defined(USE_MQTT_AWS_IOT) || defined(USE_MQTT_TLS_FORCE_EC_CIPHER)
|
||||
#define _stackSize (5300/4) // using a light version of bearssl we can save 300 bytes
|
||||
#else
|
||||
#define _stackSize (3600/4) // using a light version of bearssl we can save 2k
|
||||
|
|
|
@ -758,7 +758,7 @@ extern "C" {
|
|||
// We limit to a single cipher to reduce footprint
|
||||
// we reference it, don't put in PROGMEM
|
||||
static const uint16_t suites[] = {
|
||||
#ifdef USE_MQTT_AWS_IOT
|
||||
#if defined(USE_MQTT_AWS_IOT) || defined(USE_MQTT_TLS_FORCE_EC_CIPHER)
|
||||
BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
|
||||
#else
|
||||
BR_TLS_RSA_WITH_AES_128_GCM_SHA256
|
||||
|
@ -785,8 +785,8 @@ extern "C" {
|
|||
br_ssl_engine_set_aes_ctr(&cc->eng, &br_aes_small_ctr_vtable);
|
||||
br_ssl_engine_set_ghash(&cc->eng, &br_ghash_ctmul32);
|
||||
|
||||
#ifdef USE_MQTT_AWS_IOT
|
||||
// we support only P256 EC curve for AWS IoT, no EC curve for Letsencrypt
|
||||
#if defined(USE_MQTT_AWS_IOT) || defined(USE_MQTT_TLS_FORCE_EC_CIPHER)
|
||||
// we support only P256 EC curve for AWS IoT, no EC curve for Letsencrypt unless forced
|
||||
br_ssl_engine_set_ec(&cc->eng, &br_ec_p256_m15);
|
||||
#endif
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
* Add command Time to disable NTP and set UTC time as Epoch value if above 1451602800 (=20160101). Time 0 re-enables NTP (#5279)
|
||||
* Add AZ7798 automatic setting of clock display (#6034)
|
||||
* Add Epoch and UptimeSec to JSON messages (#6068)
|
||||
* Fix Force Elliptic Curve for Letsencrypt TLS #6042
|
||||
*
|
||||
* 6.6.0 20190707
|
||||
* Remove support of TLS on core 2.3.0 and extent support on core 2.4.2 and up
|
||||
|
|
|
@ -266,6 +266,7 @@
|
|||
// Using TLS starting with version v6.5.0.16 compilation will only work using Core 2.4.2 and 2.5.2. No longer supported: 2.3.0
|
||||
//#define USE_MQTT_TLS // Use TLS for MQTT connection (+34.5k code, +7.0k mem and +4.8k additional during connection handshake)
|
||||
// #define USE_MQTT_TLS_CA_CERT // Force full CA validation instead of fingerprints, slower, but simpler to use (+2.2k code, +1.9k mem during connection handshake)
|
||||
// #define USE_MQTT_TLS_FORCE_EC_CIPHER // Force Elliptic Curve cipher (higher security) required by some servers (automatically enabled with USE_MQTT_AWS_IOT) (+11.4k code, +0.4k mem)
|
||||
// #define USE_MQTT_AWS_IOT // Enable MQTT for AWS IoT - requires a private key (+11.4k code, +0.4k mem)
|
||||
// Note: you need to generate a private key + certificate per device and update 'sonoff/sonoff_aws_iot.cpp'
|
||||
// Full documentation here: https://github.com/arendst/Sonoff-Tasmota/wiki/AWS-IoT
|
||||
|
|
Loading…
Reference in New Issue