diff options
author | Richard Mudgett <rmudgett@digium.com> | 2014-10-02 21:55:37 +0000 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2014-10-02 21:55:37 +0000 |
commit | 2b0777c0175ecd0cf8ba992ca3544ac0c6335151 (patch) | |
tree | 044c19197a7fda9c45ccd783841cf3fcd1cb05bb /res/res_pjsip.c | |
parent | b15cd42b5b1ed76231f9dfcf958b552263e2a902 (diff) |
res_pjsip: Make transport cipher option accept a comma separated list of cipher names.
Improvements to the res_pjsip transport cipher option.
* Made the cipher option accept a comma separated list of OpenSSL cipher
names. Users of realtime will be glad if they have more than one name to
list.
* Added the CLI command 'pjsip list ciphers' so a user can know what
OpenSSL names are available for the cipher option.
* Updated the cipher option online XML documentation to specify what is
expected for the value.
* Updated pjsip.conf.sample to not indicate that ALL is acceptable since
ALL does not imply a preference order for the ciphers and PJSIP does not
simply pass the string to OpenSSL for interpretation.
ASTERISK-24199 #close
Reported by: Joshua Colp
Review: https://reviewboard.asterisk.org/r/4018/
........
Merged revisions 424393 from http://svn.asterisk.org/svn/asterisk/branches/12
........
Merged revisions 424394 from http://svn.asterisk.org/svn/asterisk/branches/13
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424395 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res/res_pjsip.c')
-rw-r--r-- | res/res_pjsip.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index e6d0d0c48..bbcf543df 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -653,9 +653,9 @@ <description><para> This option only applies if <replaceable>media_encryption</replaceable> is set to <literal>dtls</literal>. - </para><para> - Many options for acceptable ciphers. See link for more: - http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS + </para> + <para>Many options for acceptable ciphers. See link for more:</para> + <para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS </para></description> </configOption> <configOption name="dtls_ca_file"> @@ -820,11 +820,17 @@ <synopsis>Certificate file for endpoint (TLS ONLY)</synopsis> </configOption> <configOption name="cipher"> - <synopsis>Preferred Cryptography Cipher (TLS ONLY)</synopsis> - <description><para> - Many options for acceptable ciphers see link for more: - http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS - </para></description> + <synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis> + <description> + <para>Comma separated list of cipher names or numeric equivalents. + Numeric quivalents can be either decimal or hexadecimal (0xX). + </para> + <para>There are many cipher names. Use the CLI command + <literal>pjsip list ciphers</literal> to see a list of cipher + names available for your installation. See link for more:</para> + <para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES + </para> + </description> </configOption> <configOption name="domain"> <synopsis>Domain the transport comes from</synopsis> |