res_pjsip: Make transport cipher option accept a comma separated list of cipher names.

Improvements to the res_pjsip transport cipher option. * Made the cipher option accept a comma separated list of OpenSSL cipher names. Users of realtime will be glad if they have more than one name to list. * Added the CLI command 'pjsip list ciphers' so a user can know what OpenSSL names are available for the cipher option. * Updated the cipher option online XML documentation to specify what is expected for the value. * Updated pjsip.conf.sample to not indicate that ALL is acceptable since ALL does not imply a preference order for the ciphers and PJSIP does not simply pass the string to OpenSSL for interpretation. ASTERISK-24199 #close Reported by: Joshua Colp Review: https://reviewboard.asterisk.org/r/4018/ ........ Merged revisions 424393 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 424394 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424395 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: Richard Mudgett <rmudgett@digium.com> 2014-10-02 21:55:37 +0000
committer: Richard Mudgett <rmudgett@digium.com> 2014-10-02 21:55:37 +0000
commit: 2b0777c0175ecd0cf8ba992ca3544ac0c6335151 (patch)
tree: 044c19197a7fda9c45ccd783841cf3fcd1cb05bb /res/res_pjsip.c
parent: b15cd42b5b1ed76231f9dfcf958b552263e2a902 (diff)
1 files changed, 14 insertions, 8 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index e6d0d0c48..bbcf543df 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -653,9 +653,9 @@
 					<description><para>
 						This option only applies if <replaceable>media_encryption</replaceable> is
 						set to <literal>dtls</literal>.
-					</para><para>
-						Many options for acceptable ciphers. See link for more:
-						http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
+					</para>
+					<para>Many options for acceptable ciphers. See link for more:</para>
+					<para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
 					</para></description>
 				</configOption>
 				<configOption name="dtls_ca_file">
@@ -820,11 +820,17 @@
 					<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
 				</configOption>
 				<configOption name="cipher">
-					<synopsis>Preferred Cryptography Cipher (TLS ONLY)</synopsis>
-					<description><para>
-						Many options for acceptable ciphers see link for more:
-						http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
-					</para></description>
+					<synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>
+					<description>
+					<para>Comma separated list of cipher names or numeric equivalents.
+						Numeric quivalents can be either decimal or hexadecimal (0xX).
+					</para>
+					<para>There are many cipher names.  Use the CLI command
+						<literal>pjsip list ciphers</literal> to see a list of cipher
+						names available for your installation.  See link for more:</para>
+					<para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
+					</para>
+					</description>
 				</configOption>
 				<configOption name="domain">
 					<synopsis>Domain the transport comes from</synopsis>
author	Richard Mudgett <rmudgett@digium.com>	2014-10-02 21:55:37 +0000
committer	Richard Mudgett <rmudgett@digium.com>	2014-10-02 21:55:37 +0000
commit	2b0777c0175ecd0cf8ba992ca3544ac0c6335151 (patch)
tree	044c19197a7fda9c45ccd783841cf3fcd1cb05bb /res/res_pjsip.c
parent	b15cd42b5b1ed76231f9dfcf958b552263e2a902 (diff)