kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-05-07 05:44:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
eaee92198d89f7feb4206b412104f439bc80754f
asterisk/main
History
Matthew Jordan eaee92198d main/tcptls: Add support for Perfect Forward Secrecy 
This patch enables Perfect Forward Secrecy (PFS) in Asterisk's core TLS API.
Modules that wish to enable PFS should consider the following:

- Ephemeral ECDH (ECDHE) is enabled by default. To disable it, do not
  specify a ECDHE cipher suite in a module's configuration, for example:
  tlscipher=AES128-SHA:DES-CBC3-SHA

- Ephemeral DH (DHE) is disabled by default. To enable it, add DH parameters
  into the private key file, i.e., tlsprivatekey. For an example, see the
  default dh2048.pem at
http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt

- Because clients expect the server to prefer PFS, and because OpenSSL sorts
  its cipher suites by bit strength, (see "openssl ciphers -v DEFAULT")
  consider re-ordering your cipher suites in the conf file. For example:
tlscipher=AES128+kEECDH:AES128+kEDH:3DES+kEDH:AES128-SHA:DES-CBC3-SHA:-ADH:-AECDH
  will use PFS when offered by the client. Clients which do not offer PFS
  fall-back to AES-128 (or even 3DES as recommend by RFC 3261).

Review: https://reviewboard.asterisk.org/r/3647/

ASTERISK-23905 #close
Reported by: Alexander Traud
patches:
  tlsPFS_for_HEAD.patch uploaded by Alexander Traud (License 6520)
  tlsPFS.patch uploaded by Alexander Traud (License 6520)



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417803 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-07-03 12:10:17 +00:00
..
editline
memory leaks: Memory leak cleanup patch by Corey Farrell (first set)
2013-10-23 20:10:30 +00:00
stdtime
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
abstract_jb.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
acl.c
pjsip cli: Change Identify to show CIDR notation instead of netmasks.
2014-06-19 20:13:20 +00:00
adsi.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
alaw.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
aoc.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
app.c
voicemail API callbacks: Extract the sayname API call to its own registerd callback.
2014-06-20 17:06:42 +00:00
ast_expr2.c
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
ast_expr2.fl
Avoid cppcheck warnings; removing unused vars and a bit of cleanup.
2012-04-17 18:57:40 +00:00
ast_expr2.h
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
ast_expr2.y
Multiple revisions 360356-360357
2012-03-24 02:42:42 +00:00
ast_expr2f.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
asterisk.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
asterisk.dynamics
Fix error loading res_monitor.
2014-04-23 15:02:39 +00:00
asterisk.exports.in
Add _IO_stdin_used in version-script to fix SIGBUSes on Sparc.
2013-08-22 08:26:55 +00:00
astfd.c
Unregister CLI commands on exit
2013-08-20 15:36:10 +00:00
astmm.c
MALLOC_DEBUG: Change fence magic number to be completely different from the freed magic number.
2013-09-09 23:29:44 +00:00
astobj2_container_private.h
astobj2: Additional refactoring to push impl specific code down into the impls.
2014-06-20 15:27:43 +00:00
astobj2_container.c
ao2_container node object ignores REF_DEBUG in all places except one
2014-06-25 18:57:04 +00:00
astobj2_hash.c
astobj2: Additional refactoring to push impl specific code down into the impls.
2014-06-20 15:27:43 +00:00
astobj2_private.h
astobj2: Additional refactoring to push impl specific code down into the impls.
2014-06-20 15:27:43 +00:00
astobj2_rbtree.c
astobj2: Additional refactoring to push impl specific code down into the impls.
2014-06-20 15:27:43 +00:00
astobj2.c
Ensure REF_DEBUG records entrys for attempts to ao2_ref an invalid object
2014-06-27 19:27:59 +00:00
audiohook.c
TALK_DETECT: A channel function that raises events when talking is detected
2014-05-30 12:42:57 +00:00
autochan.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
autoservice.c
autoservice: stop thread on graceful shutdown
2014-06-09 03:50:45 +00:00
backtrace.c
Fix memory corruption when trying to get "core show locks".
2013-08-23 18:07:40 +00:00
bridge_after.c
bridges/bridge_native_rtp: Reconfigure bridge on removal of framehook
2014-06-08 18:12:53 +00:00
bridge_basic.c
res_pjsip_refer: Fix bugs involving Parking/PJSIP/transfers
2014-05-22 15:52:30 +00:00
bridge_channel.c
Bridging: Allow channels to define bridging hooks
2014-06-26 12:43:47 +00:00
bridge_roles.c
ARI: bridges/{bridgeID}/addChannel: add roles parameter
2013-08-05 16:59:13 +00:00
bridge.c
Bridging: Allow channels to define bridging hooks
2014-06-26 12:43:47 +00:00
bucket.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
buildinfo.c
callerid.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
ccss.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
cdr.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
cel.c
CEL: Add bridge tech to relevant CEL records
2014-06-26 14:48:21 +00:00
channel_internal_api.c
channel_internal_api: Publish a snapshot change when linkedids change
2014-06-15 22:12:49 +00:00
channel.c
Bridging: Allow channels to define bridging hooks
2014-06-26 12:43:47 +00:00
chanvars.c
ast_free() is null tollerant.
2013-08-28 16:09:12 +00:00
cli.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
config_options.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
config.c
chan_sip: Fix order of variables specified in SIPNotify action
2014-06-06 21:44:16 +00:00
core_local.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
core_unreal.c
core_unreal: Fix off by one buffer overwrite error.
2014-06-23 16:04:33 +00:00
crypt.c
Fix utils directory breakage.
2013-07-04 13:06:15 +00:00
cygload.c
data.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
datastore.c
This is no longer needed.
2013-06-29 00:18:57 +00:00
db.c
We have faced situation when using CDR and CEL by sqlite3 modules. With system having high load (~100 concurrent calls created by sipp) we found many cdr and cel records missed. There is special finction in sqlite3, that make able to fix this situation - sqlite3_wait_timeout, that also can replace awful code cdr_sqlite3 ad cel_sqlite3 modules. Also this function can be used for aastdb and res_config_sqlite3 to avoid missed writes to sqlite db.
2014-06-16 09:04:05 +00:00
devicestate.c
res_corosync: Update module to work with Stasis (and compile)
2014-05-22 12:01:37 +00:00
dial.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
dns.c
res_pjsip: Enable PJSIP DNS client support.
2014-03-17 22:54:32 +00:00
dnsmgr.c
Migrate a large number of AMI events over to Stasis-Core
2013-05-24 20:44:07 +00:00
dsp.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
ecdisa.h
endpoints.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
enum.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
event.c
event.c: Fix type mismatch errors in ie_maps[].
2014-06-27 23:21:44 +00:00
features_config.c
Eliminate some more unnecessary RAII_VAR() uses.
2014-04-15 18:30:24 +00:00
features.c
Documentation: doc fixes across various parts of the code for ASTERISK issues 23061,23028,23046,23027
2014-01-17 17:16:14 +00:00
file.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
fixedjitterbuf.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fixedjitterbuf.h
format_cap.c
Cache string values of formats on ast_format_cap() to save processing.
2013-10-03 14:58:16 +00:00
format_pref.c
pjsip: fix support for allow=all
2014-01-17 21:33:26 +00:00
format.c
format.c: Fix misuse of hash container function.
2014-06-11 23:01:19 +00:00
frame.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
framehook.c
bridges/bridge_native_rtp: Reconfigure bridge on removal of framehook
2014-06-08 18:12:53 +00:00
fskmodem_float.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fskmodem_int.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
fskmodem.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
global_datastores.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
hashtab.c
Fix utilities compilation/linking.
2013-08-16 16:26:11 +00:00
heap.c
Fix incorrect usages of ast_realloc().
2013-09-10 18:05:47 +00:00
http.c
AST-2014-007: Fix of fix to allow AMI and SIP TCP to send messages.
2014-06-13 05:16:34 +00:00
image.c
Reset automerge property.
2012-12-11 22:25:21 +00:00
indications.c
Fix incorrect usages of ast_realloc().
2013-09-10 18:05:47 +00:00
io.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
jitterbuf.c
jitterbuf: Fix memory leak on jitter buffer reset
2013-10-24 19:42:21 +00:00
json.c
json: Fix json API wrapper code for json library versions earlier than 2.3.0.
2014-02-21 17:47:58 +00:00
libasteriskssl.c
Resolve memory leaks in TLS initialization and TLS client connections
2012-09-14 19:53:43 +00:00
libasteriskssl.exports.in
loader.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
lock.c
Revert -r411073. It didn't help and blew up the system.
2014-03-25 15:47:17 +00:00
logger.c
Logger: Add manager command 'LoggerRotate' to rotate logger
2014-06-20 20:29:45 +00:00
Makefile
main/Makefile: Fix build failure on SmartOS/Illumos/SunOS
2014-04-17 20:25:16 +00:00
manager_bridges.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
manager_channels.c
ARI: Add ability to raise arbitrary User Events
2014-05-22 16:09:51 +00:00
manager_endpoints.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
manager_mwi.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
manager_system.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
manager.c
Logger: Add manager command 'LoggerRotate' to rotate logger
2014-06-20 20:29:45 +00:00
md5.c
md5: supress some compiler warnings.
2012-04-28 01:33:49 +00:00
media_index.c
media_index: Make media indexing tolerable of bad symlinks.
2013-12-03 16:39:13 +00:00
message.c
PJSIP: PJSIPNotify - Strip content-length headers and add documentation
2014-06-10 16:06:12 +00:00
mixmonitor.c
Removed quotes from svn:keywords props on a few files.
2013-07-29 17:51:25 +00:00
named_acl.c
Fix various memory leaks
2013-08-30 19:22:59 +00:00
netsock2.c
pjsip cli: Change Identify to show CIDR notation instead of netmasks.
2014-06-19 20:13:20 +00:00
netsock.c
Move eid functions to utils.c, mark netsock.h deprecated
2014-06-24 02:50:15 +00:00
optional_api.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00
parking.c
res_pjsip_refer: Fix bugs involving Parking/PJSIP/transfers
2014-05-22 15:52:30 +00:00
pbx.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
pickup.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
plc.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
poll.c
presencestate.c
Add DeviceStateChanged and PresenceStateChanged AMI events.
2014-04-28 14:40:21 +00:00
privacy.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
rtp_engine.c
Recorded merge of revisions 417677 from http://svn.asterisk.org/svn/asterisk/branches/11
2014-06-30 19:51:28 +00:00
say.c
app_voicemail, say: Add support for Japanese Language
2014-06-30 04:00:19 +00:00
sched.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
sdp_srtp.c
Recorded merge of revisions 417677 from http://svn.asterisk.org/svn/asterisk/branches/11
2014-06-30 19:51:28 +00:00
security_events.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
sem.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
sha1.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
sip_api.c
Don't make chan_sip export global symbols.
2012-10-11 15:49:02 +00:00
slinfactory.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
sorcery.c
Prevent duplicate sorcery wizards from being applied to sorcery object types.
2014-04-02 18:57:29 +00:00
sounds_index.c
Whitespace fixes.
2013-12-20 19:06:57 +00:00
srv.c
Removed #if checks for crazy old versions of OS X.
2013-05-08 20:25:28 +00:00
stasis_bridges.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
stasis_cache_pattern.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
stasis_cache.c
stasis: Reduce creation of channel snapshots to improve performance
2014-06-13 18:24:49 +00:00
stasis_channels.c
stasis_channels: Update the stasis cache if manager variables are needed
2014-06-18 04:22:05 +00:00
stasis_endpoints.c
ARI: Add ability to raise arbitrary User Events
2014-05-22 16:09:51 +00:00
stasis_message_router.c
stasis: Add methods to allow for synchronous publishing to subscriber
2014-01-12 22:07:01 +00:00
stasis_message.c
res_corosync: Update module to work with Stasis (and compile)
2014-05-22 12:01:37 +00:00
stasis_system.c
Convert CCSS manager events to stasis.
2013-07-19 18:00:35 +00:00
stasis.c
ARI: Add ability to raise arbitrary User Events
2014-05-22 16:09:51 +00:00
strcompat.c
Add builtin roundf() for systems lacking it.
2013-01-19 20:54:07 +00:00
strings.c
string container: Remove unnecessary RAII_VAR usage and string object lock.
2014-01-14 21:46:50 +00:00
stun.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
syslog.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
taskprocessor.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
tcptls.c
main/tcptls: Add support for Perfect Forward Secrecy
2014-07-03 12:10:17 +00:00
tdd.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
term.c
Revamp of terminal color codes
2013-02-14 18:47:56 +00:00
test.c
Fix build warnings with TEST_FRAMEWORK enabled
2014-06-19 19:40:45 +00:00
threadpool.c
Fix threadpool rapid growth problem.
2013-06-20 16:29:35 +00:00
threadstorage.c
Unregister CLI commands on exit
2013-08-20 15:36:10 +00:00
timing.c
timing: Improve performance for most timing implementations.
2014-02-07 20:01:45 +00:00
translate.c
Allow Asterisk to compile under GCC 4.10
2014-05-09 22:49:26 +00:00
udptl.c
udptl: Correct FEC to not consider negative sequence numbers as missing
2014-06-26 12:24:25 +00:00
ulaw.c
Multiple revisions 369001-369002
2012-06-15 16:20:16 +00:00
uri.c
core uri: Custom uri parsing error when no query parameters
2014-06-06 20:45:05 +00:00
utils.c
main/untils: Prevent potential infinite loop in ast_careful_fwrite
2014-07-03 11:27:25 +00:00
uuid.c
Add an \extref doxygen pointer for libuuid.
2013-04-26 20:32:11 +00:00
xml.c
Detect and use xsltCleanupGlobals when available
2013-10-03 18:00:15 +00:00
xmldoc.c
Logger/CLI/etc.: Fix some aesthetic issues; reduce chatty verbose messages
2014-05-28 22:54:12 +00:00