Skip to content

Add cipher preference option in builder #659

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

Add cipher preference option in builder #659

wants to merge 12 commits into from

Conversation

@xiazhvera
Copy link
Contributor

@xiazhvera xiazhvera commented Sep 24, 2025
edited
Loading

Issue #, if available:

Description of changes:

  • Add cipher preference option in MQTT builders

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

bretambrose
bretambrose reviewed Sep 24, 2025
View reviewed changes
Copy link
Contributor

@bretambrose bretambrose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want cipher suite on the static builder functions or as a separate API?

@xiazhvera
Copy link
Contributor Author

xiazhvera commented Sep 24, 2025

Do we want cipher suite on the static builder functions or as a separate API?

Python SDK static builder function directly return a mqtt5 client / mqtt3 connection. We don't really have a way to add a separate API for builder.

@xiazhvera xiazhvera changed the title [WIP] Add cipher suite option in mqtt builder Add cipher preference option in builder Sep 29, 2025
@xiazhvera xiazhvera marked this pull request as ready for review September 29, 2025 23:14
@sfod
Copy link
Contributor

sfod commented Oct 20, 2025

cipher_pref documentation should be added to top of each builder file, in the Optional Keyword Arguments section.

sfod
sfod reviewed Nov 21, 2025
View reviewed changes
awsiot/mqtt_connection_builder.py Outdated
if port == 443 and awscrt.io.is_alpn_available() and use_custom_authorizer is False:
tls_ctx_options.alpn_list = ['http/1.1'] if use_websockets else ['x-amzn-mqtt-ca']

if cipher_pref != awscrt.io.TlsCipherPref.DEFAULT:
Copy link
Contributor

@sfod sfod Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mqtt5 builder has a check for None. Should it be the same here?

Copy link
Contributor Author

@xiazhvera xiazhvera Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch. Instead, added validation assert isinstance(cipher_pref, awscrt.io.TlsCipherPref) instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bretambrose bretambrose bretambrose left review comments

@sfod sfod sfod approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xiazhvera @sfod @bretambrose