hivemq/hivemq-community-edition

Allow setting server SSL cipher order.

josephverburg opened this issue · 3 comments

Problem or use case

From a security perspective it is better to use the cipher order from the server instead of the client, so that you can order the supported ciphers from most secure to least secure.
Currently this is not possible with HiveMQ.

Preferred solution or suggestions

This can be achieved by adding the following lines to https://github.com/hivemq/hivemq-community-edition/blob/master/src/main/java/com/hivemq/security/ssl/SslFactory.java#L81:
```java
SSLParameters params = sslEngine.getSSLParameters();
params.setUseCipherSuitesOrder(true);
sslEngine.setSSLParameters(params);
```

This can be hidden behind a config option to make it flexible.
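
A sketch of the config-gated variant suggested above, added here as an example and not taken from the HiveMQ code base. The class name, `PREFERRED`, `applyServerOrder` and the `preferServerOrder` flag are hypothetical stand-ins for the config option; the suite list is a constructed sample.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class ServerCipherOrderExample {

    // Constructed sample of an operator-configured list, most preferred first.
    static final List<String> PREFERRED = List.of(
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    /** Enables the supported subset of 'preferred', keeping its order, and returns it. */
    static List<String> applyServerOrder(SSLEngine engine, List<String> preferred,
                                         boolean preferServerOrder) {
        Set<String> supported = new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()));
        List<String> enabled = new ArrayList<>();
        for (String suite : preferred) {
            if (supported.contains(suite)) {
                enabled.add(suite); // unsupported names are skipped instead of failing later
            }
        }
        if (enabled.isEmpty()) {
            throw new IllegalStateException("No configured cipher suite is supported by this JVM");
        }
        SSLParameters params = engine.getSSLParameters(); // returns a copy, so set it back
        params.setCipherSuites(enabled.toArray(new String[0]));
        params.setUseCipherSuitesOrder(preferServerOrder); // only honoured in server mode
        engine.setSSLParameters(params);
        return enabled;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        engine.setUseClientMode(false); // act as the TLS server side
        List<String> enabled = applyServerOrder(engine, PREFERRED, true);
        System.out.println("Enabled, in server preference order: " + enabled);
        System.out.println("Server order honoured: "
                + engine.getSSLParameters().getUseCipherSuitesOrder());
    }
}
```

The order of the array passed to `setCipherSuites` is what the server prefers once `setUseCipherSuitesOrder(true)` is in effect, so the flag and the list have to be set together.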

Hi @josephverburg,

good idea 👍, I'll bring this up within the team and will keep you updated when I have new information.

Greetings,
Michael from the HiveMQ team

Hi @josephverburg,

it was discussed and I created a feature request on our board.
As for when this issue will be tackled, I can't say, but I'll keep you updated.

Greetings,
Michael

@josephverburg Ping to let you know this is done