I am developing a C application for Linux using libmosquitto for the MQTT communication between my application and an MQTT broker elsewhere.
I am enabling TLS for authentication and encryption.
How do I actually find out which type of encryption is being used during the communication? AES-256 is the requirement.
My MqttClient class :
#include <mosquittopp.h>
#include <mosquitto.h>
class MqttClient : public mosqpp::mosquittopp
{
public:
MqttClient(std::string name, uint16 id, std::string rev);
~MqttClient();
void setConnectionInfo(std::string host, int port);
void setUsernamePassw(std::string username, std::string password);
void connect_client();
int publish_message(const std::string _topic, const std::string _message, int QoS, bool retain);
int subscribe_topic(const char * _message);
const std::string getJsonString(const std::string _parameter, const std::string _value);
}
Elsewhere in the code I connect my client as follows ( Obviously this is just a code snippet with information missing, but just to show how I am using the class) :
MqttClient _mqttClient = new MqttClient("client1", 12345, "1");
_mqttClient->setConnectionInfo(_mqtt_params.host, _mqtt_params.portNum);
_mqttClient->setUsernamePassw(_mqtt_params.username, _mqtt_params.password);
_mqttClient->tls_set("/etc/certs/cert.pem", NULL, NULL, NULL, NULL);
_mqttClient->tls_opts_set(1, "tlsv1.2", NULL);
_mqttClient->tls_insecure_set(FALSE);
The third option of tls_opts_set is the ciphers you allow. Run openssl ciphers on your host to see what's available. You should be able to pass AES256 here to get all the ciphers that include AES256, but if not, you can run openssl ciphers AES and use that colon-separated string.