I am developing a C application for Linux using libmosquitto for the MQTT communication between my application and an MQTT broker elsewhere. I am enabling TLS for authentication and encryption.

How do I actually find out which type of encryption is being used during the communication? AES-256 is the requirement.

My MqttClient class:

```cpp
#include <cstdint>
#include <string>
#include <mosquittopp.h>
#include <mosquitto.h>

// Thin wrapper around the libmosquitto C++ client (mosqpp::mosquittopp).
class MqttClient : public mosqpp::mosquittopp
{
public:
    MqttClient(std::string name, uint16_t id, std::string rev);
    ~MqttClient();
    void setConnectionInfo(std::string host, int port);
    void setUsernamePassw(std::string username, std::string password);
    void connect_client();
    int publish_message(const std::string _topic, const std::string _message, int QoS, bool retain);
    int subscribe_topic(const char * _message);
    const std::string getJsonString(const std::string _parameter, const std::string _value);
};
```

Elsewhere in the code I connect my client as follows (obviously this is just a code snippet with information missing, but just to show how I am using the class):

```cpp
MqttClient *_mqttClient = new MqttClient("client1", 12345, "1");
_mqttClient->setConnectionInfo(_mqtt_params.host, _mqtt_params.portNum);
_mqttClient->setUsernamePassw(_mqtt_params.username, _mqtt_params.password);
// CA file used to verify the broker certificate; no client certificate or key.
_mqttClient->tls_set("/etc/certs/cert.pem", NULL, NULL, NULL, NULL);
// cert_reqs = 1 (verify peer), TLS 1.2, ciphers = NULL (library default list).
_mqttClient->tls_opts_set(1, "tlsv1.2", NULL);
// Keep hostname verification of the broker certificate enabled.
_mqttClient->tls_insecure_set(false);
```

The third option of `tls_opts_set` is the ciphers you allow. Run `openssl ciphers` on your host to see what's available. You should be able to pass `AES256` here to get all the ciphers that include AES256, but if not, you can run `openssl ciphers AES` and use that colon-separated string.
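
A way to check what a cipher string such as the answer's `AES256` really permits before passing it to `tls_opts_set`, as an added example that is not part of the original posts: the function reads `openssl ciphers -v` output and reports every suite whose bulk cipher is not 256-bit AES. On OpenSSL 1.1.1 and later the listing also contains the TLS 1.3 suites, which the cipher string does not control, so a `tls12-only` mode ignores them for a connection pinned to `tlsv1.2`. The function name `audit_aes256`, its mode argument and the `SAMPLE` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `openssl ciphers -v` output on stdin and prints
# "<suite> <Enc value>" for each suite that is not 256-bit AES.
# Exit status: 0 if every audited suite is AES-256, 1 otherwise.
# $1: "all" (default) or "tls12-only" to skip TLSv1.3 suites.
audit_aes256() {
    awk -v mode="${1:-all}" '
        NF < 5 { next }                                   # skip blank/short lines
        mode == "tls12-only" && $2 == "TLSv1.3" { next }  # not used when pinned to 1.2
        {
            enc = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /^Enc=/) enc = substr($i, 5)     # text after "Enc="
            # Accept AES(256), AESGCM(256), AESCCM(256), AESCCM8(256)
            if (enc !~ /^AES[A-Z0-9]*\(256\)$/) { print $1 " " enc; bad = 1 }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the format printed by `openssl ciphers -v`.
SAMPLE='TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384'

# Whole listing: the two non-AES-256 TLS 1.3 suites are reported.
printf '%s\n' "$SAMPLE" | audit_aes256 all || echo "suites above are not AES-256"
# Connection pinned to tlsv1.2: only the TLS 1.2 suites are audited.
printf '%s\n' "$SAMPLE" | audit_aes256 tls12-only && echo "TLS 1.2 list is AES-256 only"

# On a real host:
#   openssl ciphers -v 'AES256' | audit_aes256 tls12-only
```

The same listing shows the exact suite names, so a narrower colon-separated list can be built from it if the full `AES256` set is wider than the requirement allows.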