#1845 closed enhancement (fixed)
Add support if OpenSSL library has more than 100 cipher suites
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.4.5 |
| Component: | applications | Version: | trunk |
| Keywords: | | Cc: | |
| Backport to 1.x milestone: | | Backported: | no |
Description
Add support if the underlying OpenSSL library supports more than 100 suites.
Currently, pjproject assumes that no OpenSSL library with more than 100 cipher suites exists. OpenSSL 1.0.1 in Ubuntu 14.04 has 98. However, the number of cipher suites has risen a lot. If such a library (with more than 100 ciphers) is used, only the first 100 cipher suites are allowed to be set manually (for example via --tls-cipher in pjsua). If the cipher suites are not changed manually, this code is not passed and the default cipher suites are offered by pjsua (even if there are more than 128).
The ticket also allows all available cipher suites by changing the filter from "ALL" to "ALL:COMPLEMENTOFALL". The OpenSSL team disabled ciphers without encryption (eNULL). However, those can be useful while testing. This change does not change existing implementations, because the implementation of the method "set_cipher_list" sets the list (implicitly) to "DEFAULT" when the condition "ssock->param.ciphers_num == 0" is met (= no cipher suites are set manually). DEFAULT is without aNULL and eNULL ciphers.
Special thanks to Alexander Traud for the patch and the ticket description above.
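The filter behaviour the description relies on can be checked against the local OpenSSL through Python's `ssl` module. This is an added example, not pjproject code or part of the patch; the function names and `OLD_LIMIT` are chosen here, and the counts depend on the OpenSSL build in use.

```python
import ssl

OLD_LIMIT = 100  # cap on manually settable suites described in the ticket


def suites(cipher_string):
    """Map suite name -> OpenSSL description for everything the string selects."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["description"] for c in ctx.get_ciphers()}


def unencrypted(selected):
    """eNULL suites: OpenSSL reports 'Enc=None' in the description."""
    return sorted(n for n, d in selected.items() if "Enc=None" in d)


def unauthenticated(selected):
    """aNULL suites: OpenSSL reports 'Au=None' in the description."""
    return sorted(n for n, d in selected.items() if "Au=None" in d)


def report():
    narrow = suites("ALL")                  # filter before the change
    wide = suites("ALL:COMPLEMENTOFALL")    # filter after the change
    default = suites("DEFAULT")             # used when no suites are set manually
    return {
        "count_all": len(narrow),
        "count_all_plus_complement": len(wide),
        "exceeds_old_limit": len(wide) > OLD_LIMIT,
        "added_by_complement": sorted(set(wide) - set(narrow)),
        "default_unencrypted": unencrypted(default),
        "default_unauthenticated": unauthenticated(default),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```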
Change History (2)
comment:1 Changed 10 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
comment:2 Changed 10 years ago by ming
In 5077:
In 5076: