Changeset 4869 for pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

Timestamp:

Jul 2, 2014 6:57:53 PM (10 years ago)

Author:

bennylp

Message:

Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable enable AES-GCM cipher suites in default (thanks Alexander Traud for the patch).

Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to sip_transport_tls.h:94, when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it.

File:

• pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c (modified) (2 diffs)

pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

@@ -507 +507 @@
     /* Determine SSL method to use */
     switch (ssock->param.proto) {
-    case PJ_SSL_SOCK_PROTO_DEFAULT:
     case PJ_SSL_SOCK_PROTO_TLS1:
         ssl_method = (SSL_METHOD*)TLSv1_method();
@@ -519 +518 @@
         ssl_method = (SSL_METHOD*)SSLv3_method();
         break;
+    case PJ_SSL_SOCK_PROTO_DEFAULT:
     case PJ_SSL_SOCK_PROTO_SSL23:
         ssl_method = (SSL_METHOD*)SSLv23_method();