res_pjsip: Make transport cipher option accept a comma separated list of cipher names.

Improvements to the res_pjsip transport cipher option.

* Made the cipher option accept a comma separated list of OpenSSL cipher
names.  Users of realtime will be glad if they have more than one name to
list.

* Added the CLI command 'pjsip list ciphers' so a user can know what
OpenSSL names are available for the cipher option.

* Updated the cipher option online XML documentation to specify what is
expected for the value.

* Updated pjsip.conf.sample to not indicate that ALL is acceptable since
ALL does not imply a preference order for the ciphers and PJSIP does not
simply pass the string to OpenSSL for interpretation.

ASTERISK-24199 #close
Reported by: Joshua Colp

Review: https://reviewboard.asterisk.org/r/4018/
........

Merged revisions 424393 from http://svn.asterisk.org/svn/asterisk/branches/12
........

Merged revisions 424394 from http://svn.asterisk.org/svn/asterisk/branches/13


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424395 65c4cc65-6c06-0410-ace0-fbb531ad65f3

1 files changed, 2 insertions, 2 deletions

diff --git a/configs/samples/pjsip.conf.sample b/configs/samples/pjsip.conf.sample
index c138815ce..8acd01a63 100644
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -148,7 +148,7 @@
 ;bind=0.0.0.0
 ;cert_file=/path/mycert.crt
 ;priv_key_file=/path/mykey.key
-;cipher=ALL
+;cipher=ADH-AES256-SHA,ADH-AES128-SHA
 ;method=tlsv1
 
 
@@ -648,7 +648,7 @@
 ;ca_list_file=  ; File containing a list of certificates to read TLS ONLY
                 ; (default: "")
 ;cert_file=     ; Certificate file for endpoint TLS ONLY (default: "")
-;cipher=        ; Preferred Cryptography Cipher TLS ONLY (default: "")
+;cipher=        ; Preferred cryptography cipher names TLS ONLY (default: "")
 ;domain=        ; Domain the transport comes from (default: "")
 ;external_media_address=        ; External IP address to use in RTP handling
                                 ; (default: "")