diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h
index 603b70ca95..67d08819da 100644
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -438,6 +438,14 @@ typedef enum {
 SOFIA_TRANSPORT_SCTP
 } sofia_transport_t;
 
+typedef enum {
+ SOFIA_TLS_VERSION_SSLv2 = (1 << 0),
+ SOFIA_TLS_VERSION_SSLv3 = (1 << 1),
+ SOFIA_TLS_VERSION_TLSv1 = (1 << 2),
+ SOFIA_TLS_VERSION_TLSv1_1 = (1 << 3),
+ SOFIA_TLS_VERSION_TLSv1_2 = (1 << 4),
+} sofia_tls_version_t;
+
 typedef enum {
 SOFIA_GATEWAY_DOWN,
 SOFIA_GATEWAY_UP,
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index b46718d1dc..86cda022fc 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -4579,11 +4579,26 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 } else if (!strcasecmp(var, "tls-verify-in-subjects")) {
 profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
 } else if (!strcasecmp(var, "tls-version")) {
-
- if (!strcasecmp(val, "tlsv1")) {
- profile->tls_version = 1;
- } else {
- profile->tls_version = 0;
+ char *ps = val, *pe;
+ while (1) {
+ int n;
+ pe = strchr(ps,',');
+ if (!pe && !(pe = memchr(ps,0,1024))) break;
+ n = pe-ps;
+ if (n==5 && !strncasecmp(ps, "sslv2", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_SSLv2;
+ if (n==5 && !strncasecmp(ps, "sslv3", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_SSLv3;
+ if (n==6 && !strncasecmp(ps, "sslv23", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_SSLv2 | SOFIA_TLS_VERSION_SSLv3;
+ if (n==5 && !strncasecmp(ps, "tlsv1", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_TLSv1;
+ if (n==7 && !strncasecmp(ps, "tlsv1.1", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_1;
+ if (n==7 && !strncasecmp(ps, "tlsv1.2", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_2;
+ ps=pe+1;
+ if (!*pe) break;
 }
 } else if (!strcasecmp(var, "tls-timeout")) {
 int v = atoi(val);
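Review bot: Unrecognised tokens in the `tls-version` list are dropped without a trace, because none of the six `if` tests in the new `while` loop has a fallback. A typo, or a value written as `tlsv1.1, tlsv1.2` (the space makes `n` 8), leaves the profile with a different protocol set than the operator asked for and nothing in the log. Chaining the tests as `else if` and ending with `else switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Ignoring unknown tls-version '%.*s'\n", n, ps);` would surface that. The mask is also only ever OR-ed here, where the removed code assigned it. If `profile->tls_version` already holds a default or a value from an earlier load (not visible in this hunk, since config_sofia starts and ends outside it), the configured list widens that value instead of replacing it, so `profile->tls_version = 0;` before the loop looks like the intended semantics. Since `sslv2`, `sslv3` and `sslv23` turn on protocols that are obsolete and considered insecure, a comment on those branches or a warning at load time when they are selected would help operators notice.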