Support for client-signature-algorithms #1226

mohitvaid · 2022-05-17T16:56:29Z

mohitvaid
May 17, 2022

@icraggs We are using syslog-ng for MQTT communication. Which internally uses paho.mqtt.c

As part of our NIAP support we are supposed to restrict certain TLS specific parameters, likewise:

ciphers,
client signature algorithms/ signature algorithms,
ecdh curves

Based on syslog-ng/syslog-ng#4000, syslog-ng team has made changes for their general TLS support but for MQTT flow they are unable to as paho library lacks support for the signature algorithms.

Can this change be accommodated?

mohitvaid · 2022-05-26T11:22:53Z

mohitvaid
May 26, 2022
Author

@icraggs can you please take a look at this discussion?

0 replies

icraggs · 2023-10-03T10:21:37Z

icraggs
Oct 3, 2023
Maintainer

Sorry I hadn't really been aware of this discussion facility. It seems the best way to support this would be to expose the OpenSSL context for configuration by the application as suggested in the linked discussion. The request actually seems to be to restrict some algorithms.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for client-signature-algorithms #1226

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Support for client-signature-algorithms #1226

mohitvaid May 17, 2022

Replies: 2 comments

mohitvaid May 26, 2022 Author

icraggs Oct 3, 2023 Maintainer

mohitvaid
May 17, 2022

mohitvaid
May 26, 2022
Author

icraggs
Oct 3, 2023
Maintainer