sskaje / mqtt

MQTT Client class
https://sskaje.me/category/MQTT/
MIT License

Enforce TLS v1.2 documentation #13

Open btry opened 8 years ago

btry commented 8 years ago

Hi

I configured Mosquitto to accept TLS v1.2 only and reject TLS v1.0 or v1.1.

The library works fine this way, but PHP is poorly documented about enforcing TLS v1.2 with Socket context. See this page: http://php.net/manual/en/function.stream-socket-enable-crypto.php

There is no mention of all constants available here http://php.net/manual/en/migration56.constants.php, especially STREAM_CRYPTO_METHOD_TLSv1_2_SERVER.

Not configuring this crypto method in the socket context will prevent PHP from connecting to a Mosquitto instance configured to accept only TLS v1.2.

I think a note in the README.md or a wiki page would be helpful to help users of your library ensure an acceptable level of security, as TLS < v1.2 is weak now.

sskaje commented 8 years ago

Hi @btry, do you mind creating wiki pages about this?

btry commented 8 years ago

Hi

I may provide the relevant configuration for Mosquitto, and a PHP snippet for such setup.
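Added example, not part of the thread and not code from the library or its author: a PHP client-side socket context pinned to TLS v1.2, followed by a check of the protocol that was actually negotiated. It uses only PHP's own stream functions; the hostname, port and CA file path are placeholders, and on the broker side it assumes Mosquitto's `tls_version tlsv1.2` listener option is set.

```php
<?php
// Placeholders (assumptions, not values from the thread).
$host   = 'broker.example.org';   // broker hostname, must match the certificate
$port   = 8883;                   // conventional MQTT-over-TLS port
$caFile = '/path/to/ca.crt';      // CA certificate that signed the broker certificate

// Client-side context: only TLS v1.2 is offered, and the broker
// certificate is verified against the CA file and the expected name.
$context = stream_context_create([
    'ssl' => [
        'crypto_method'     => STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT,
        'verify_peer'       => true,
        'verify_peer_name'  => true,
        'peer_name'         => $host,
        'cafile'            => $caFile,
        'allow_self_signed' => false,
    ],
]);

// The handshake happens inside stream_socket_client() for tls:// URLs.
$socket = @stream_socket_client(
    "tls://$host:$port",
    $errno,
    $errstr,
    10,                      // connect timeout in seconds
    STREAM_CLIENT_CONNECT,
    $context
);
if ($socket === false) {
    fwrite(STDERR, "TLS connection failed: [$errno] $errstr\n");
    exit(1);
}

// Fail closed if anything other than TLS v1.2 was negotiated.
$crypto   = stream_get_meta_data($socket)['crypto'] ?? [];
$protocol = $crypto['protocol'] ?? 'unknown';
if ($protocol !== 'TLSv1.2') {
    fclose($socket);
    fwrite(STDERR, "Unexpected protocol negotiated: $protocol\n");
    exit(1);
}

printf("Negotiated %s with cipher %s\n", $protocol, $crypto['cipher_name'] ?? 'unknown');
fclose($socket);
```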