kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Drop null-auth suites from our default TLS cipher list 

Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites.  In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
This commit is contained in:
Travis Cross 2014-03-05 21:32:07 +00:00
parent 4cf14bce50
commit 6a3dcc9e0f
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
View File

@ -202,7 +202,7 @@ void tls_set_default(tls_issues_t *i)
i->key = i->key ? i->key : i->cert;
i->randFile = i->randFile ? i->randFile : "tls_seed.dat";
i->CAfile = i->CAfile ? i->CAfile : "cafile.pem";
i->ciphers = i->ciphers ? i->ciphers : "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
i->ciphers = i->ciphers ? i->ciphers : "!eNULL:!aNULL:!EXP:!LOW:!MD5:ALL:@STRENGTH";
/* Default SIP cipher */
/* "RSA-WITH-AES-128-CBC-SHA"; */
/* RFC-2543-compatibility ciphersuite */

2
libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
View File

@ -61,7 +61,7 @@ typedef struct tls_issues_s {
char *CAfile; /* PEM file of CA's */
char *CApath; /* PEM file path of CA's */
char *ciphers; /* Should be one of the above defined ciphers *
* or NULL (default: "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
* or NULL (default: !eNULL:!aNULL:!EXP:!LOW:!MD5:ALL:@STRENGTH)
*/
int version; /* For tls1, version is 1. When ssl3/ssl2 is
* used, it is 0. */