Add setSSLVersion call to SSL object by earlephilhower · Pull Request #7920 · esp8266/Arduino

Umm, apparently it fails!

/home/manolodd/Desarrollo/Arduino/NodemcuWifiMQTTTLStls12_5/NodemcuWifiMQTTTLStls12_5.ino: In function 'void setupMQTT()':
NodemcuWifiMQTTTLStls12_5:235:17: error: 'class BearSSL::WiFiClientSecure' has no member named 'setSSLVersion'; did you mean 'setSession'?
235 | tlsConnection.setSSLVersion(BR_TLS12, BR_TLS12);
| ^~~~~~~~~~~~~
| setSession
exit status 1
'class BearSSL::WiFiClientSecure' has no member named 'setSSLVersion'; did you mean 'setSession'?

If I add the following method

bool setSSLVersion(uint32_t min = BR_TLS10, uint32_t max = BR_TLS12) { return setSSLVersion(min, max); };

to class WiFiClientSecure : public WiFiClient (it is missing)

then everything compiles, but once flashed to my NodeMCU it throws an exception.

My mosquitto is running only TLS 1.2:

nmap --script ssl-enum-ciphers -p 8883 localhost
Starting Nmap 7.70 ( https://nmap.org ) at 2021-03-12 21:59 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00022s latency).
Other addresses for localhost (not scanned): ::1

PORT STATE SERVICE
8883/tcp open secure-mqtt
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: A

And without trying to set the TLS version with the new method, my sketch works fine, so it uses TLS 1.2.

I need to do some additional tests.
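
A facade method that forwards a TLS version range to a separate context object, as an added example that is not part of the original comment or of the esp8266/Arduino code. The method quoted in the comment calls `setSSLVersion(min, max)` from inside a member of the same name and signature, so it calls itself. `SecureCtx`, `SecureClient` and the two check functions are hypothetical names, and the `BR_TLS*` constants are constructed stand-ins carrying BearSSL's version codes.

```cpp
#include <cstdint>
#include <memory>

// Constructed stand-ins carrying BearSSL's protocol version codes.
constexpr uint32_t BR_TLS10 = 0x0301, BR_TLS11 = 0x0302, BR_TLS12 = 0x0303;

// Hypothetical context object that owns the accepted version range.
class SecureCtx {
public:
    bool setSSLVersion(uint32_t min, uint32_t max) {
        // Refuse anything outside TLS 1.0..1.2 and inverted ranges,
        // leaving the previous range untouched.
        if (min < BR_TLS10 || max > BR_TLS12 || min > max) return false;
        _min = min; _max = max;
        return true;
    }
    bool accepts(uint32_t version) const { return version >= _min && version <= _max; }
private:
    uint32_t _min = BR_TLS10, _max = BR_TLS12;
};

// Hypothetical facade class that application code holds.
class SecureClient {
public:
    SecureClient() : _ctx(std::make_shared<SecureCtx>()) {}
    // Forward to the context. `return setSSLVersion(min, max);` here would
    // resolve to this same member and call itself without ever returning.
    bool setSSLVersion(uint32_t min = BR_TLS10, uint32_t max = BR_TLS12) {
        return _ctx->setSSLVersion(min, max);
    }
    bool accepts(uint32_t version) const { return _ctx->accepts(version); }
private:
    std::shared_ptr<SecureCtx> _ctx;
};

// Pin to TLS 1.2 only, then confirm older versions are refused.
bool pinnedToTls12Only() {
    SecureClient c;
    return c.setSSLVersion(BR_TLS12, BR_TLS12) && c.accepts(BR_TLS12) &&
           !c.accepts(BR_TLS11) && !c.accepts(BR_TLS10);
}

// An inverted range is rejected and the default range stays in force.
bool invertedRangeRejected() {
    SecureClient c;
    return !c.setSSLVersion(BR_TLS12, BR_TLS10) && c.accepts(BR_TLS10);
}

int main() { return pinnedToTls12Only() && invertedRangeRejected() ? 0 : 1; }
```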