Ignore:
Timestamp:
Jul 2, 2014 6:57:53 PM (8 years ago)
Author:
bennylp
Message:

Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable enable AES-GCM cipher suites in default (thanks Alexander Traud for the patch).

Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to sip_transport_tls.h:94, when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/pjlib/src/pj/ssl_sock_ossl.c

    r4862 r4869  
    507507    /* Determine SSL method to use */ 
    508508    switch (ssock->param.proto) { 
    509     case PJ_SSL_SOCK_PROTO_DEFAULT: 
    510509    case PJ_SSL_SOCK_PROTO_TLS1: 
    511510        ssl_method = (SSL_METHOD*)TLSv1_method(); 
     
    519518        ssl_method = (SSL_METHOD*)SSLv3_method(); 
    520519        break; 
     520    case PJ_SSL_SOCK_PROTO_DEFAULT: 
    521521    case PJ_SSL_SOCK_PROTO_SSL23: 
    522522        ssl_method = (SSL_METHOD*)SSLv23_method(); 
Note: See TracChangeset for help on using the changeset viewer.