From 54b1a94379942e721cf6bdb60e16ce806445b717 Mon Sep 17 00:00:00 2001
From: s-hadinger <49731213+s-hadinger@users.noreply.github.com>
Date: Fri, 1 Mar 2024 12:24:48 +0100
Subject: [PATCH] Drop support for old (insecure) fingerprint format (#20842)
---
 CHANGELOG.md | 1 +
 tasmota/my_user_config.h | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 513c6d43b..d103f8938 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,6 +8,7 @@ All notable changes to this project will be documented in this file.
 - Berry `path.rename()` (#20840)
 ### Breaking Changed
+- Drop support for old (insecure) fingerprint format
 ### Changed
diff --git a/tasmota/my_user_config.h b/tasmota/my_user_config.h
index a218cc69f..8ab66d220 100644
--- a/tasmota/my_user_config.h
+++ b/tasmota/my_user_config.h
@@ -446,7 +446,7 @@
 // #define USE_MQTT_AWS_IOT // [Deprecated] Enable MQTT for AWS IoT - requires a private key (+11.9k code, +0.4k mem)
 // Note: you need to generate a private key + certificate per device and update 'tasmota/tasmota_aws_iot.cpp'
 // Full documentation here: https://github.com/arendst/Tasmota/wiki/AWS-IoT
-// #define USE_MQTT_TLS_DROP_OLD_FINGERPRINT // If you use fingerprint (i.e. not CA) validation, the algorithm changed to a more secure one.
+ #define USE_MQTT_TLS_DROP_OLD_FINGERPRINT // If you use fingerprint (i.e. not CA) validation, the algorithm changed to a more secure one.
 // Any valid fingerprint with the old algo will be automatically updated to the new algo.
 // Enable this if you want to disable the old algo check, which should be more secure
 // for USE_4K_RSA (support for 4096 bits certificates, instead of 2048), you need to uncommend `-DUSE_4K_RSA` in `build_flags` from `platform.ini` or `platform_override.ini`
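Review bot: The two comment lines that follow the now-enabled `#define USE_MQTT_TLS_DROP_OLD_FINGERPRINT` in tasmota/my_user_config.h still describe the previous default and should be updated in the same commit. They say an old-algorithm fingerprint "will be automatically updated to the new algo" and tell the reader to "Enable this if you want to disable the old algo check", but with the define active that legacy path is presumably compiled out of a default build. I would replace them with `// Enabled by default: fingerprints in the old (insecure) format are no longer accepted or auto-updated.` and `// Comment this out only if you must keep validating an old-format fingerprint (less secure).` If a device that still stores an old-format fingerprint loses its MQTT TLS connection after upgrading, that is worth stating next to the define as well, since the CHANGELOG entry only names the change. The surrounding configuration block starts and ends outside this hunk, so any enclosing `#ifdef` guard is not visible here.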