Enforce TLS v1.2 documentation #13

Open
btry opened this issue Jun 29, 2016 · 2 comments

Comments

@btry

btry commented Jun 29, 2016

Hi

I configured Mosquitto to accept TLS v1.2 only and reject TLS v1.0 or v1.1

The library works fine this way, but PHP is poorly documented about enforcing TLS v1.2 with Socket context. See this page: http://php.net/manual/en/function.stream-socket-enable-crypto.php

There is no mention of all constants available here http://php.net/manual/en/migration56.constants.php, especially STREAM_CRYPTO_METHOD_TLSv1_2_SERVER

Not configuring this crypto method in the socket context will prevent PHP from connecting to a Mosquitto instance configured to accept only TLS v1.2.

I think a note in the README.md or a wiki page would be helpful to help users of your library ensure an acceptable level of security, as TLS < v1.2 is weak now.

@sskaje
Owner

sskaje commented Jul 1, 2016

Hi @btry, do you mind creating wiki pages about this?

@btry
Author

btry commented Jul 1, 2016

Hi

I may provide the relevant configuration for Mosquitto, and a PHP snippet for such setup.
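
The client-side setup discussed in this thread, as an added example that is not part of the issue or the library's own code: a PHP stream context pinned to TLS 1.2, a direct connection to the broker, and a check of the protocol that was actually negotiated. The broker URL and CA file path are placeholder assumptions, the example uses the `_CLIENT` constant because PHP is the connecting side, and how the context is handed to the MQTT library is not shown.

```php
<?php
// Added example. Placeholders (assumptions, not from the issue):
const BROKER  = 'tls://broker.example.org:8883';
const CA_FILE = '/etc/ssl/certs/broker-ca.pem';

// Broker side, for reference: the Mosquitto listener is restricted with
//   tls_version tlsv1.2
// in mosquitto.conf, so any client offering only TLS 1.0/1.1 is rejected.

// Build a client context that only negotiates TLS 1.2 and verifies the
// broker certificate and host name against the given CA file.
function tls12_client_context($caFile)
{
    return stream_context_create([
        'ssl' => [
            'crypto_method'    => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
            'verify_peer'      => true,
            'verify_peer_name' => true,
            'cafile'           => $caFile,
        ],
    ]);
}

$ctx = tls12_client_context(CA_FILE);
$fp  = @stream_socket_client(BROKER, $errno, $errstr, 10, STREAM_CLIENT_CONNECT, $ctx);
if ($fp === false) {
    // Handshake or certificate failures end up here.
    fwrite(STDERR, "TLS connect failed: [$errno] $errstr\n");
    exit(1);
}

// PHP 7+ exposes the negotiated session under the 'crypto' key.
$meta  = stream_get_meta_data($fp);
$proto = isset($meta['crypto']['protocol']) ? $meta['crypto']['protocol'] : 'unknown';
echo "Negotiated protocol: $proto\n";

// Fail closed if anything other than TLS 1.2 was negotiated.
if ($proto !== 'TLSv1.2') {
    fclose($fp);
    fwrite(STDERR, "Unexpected protocol, closing connection\n");
    exit(1);
}
fclose($fp);
```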
