Closed #1775: Changing OpenSSL default method from TLSv1 to SSLv23 to enable enable AES-GCM cipher suites in default (thanks Alexander Traud for the patch).

Also fixed a bug in SIP TLS transport (sip_transport_tls.c). According to [https://trac.pjsip.org/repos/browser/pjproject/trunk/pjsip/include/pjsip/sip_transport_tls.h#L94 sip_transport_tls.h:94], when PJSIP_SSL_UNSPECIFIED_METHOD is set as method, PJSIP_SSL_DEFAULT_METHOD will be used. But the implementation uses PJ_SSL_SOCK_PROTO_DEFAULT instead of PJSIP_SSL_DEFAULT_METHOD. Currently this is fine because both resolve to TLSv1, but the patch will break it.


git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4869 74dad513-b988-da41-8d7b-12977e46ad98

1 files changed, 1 insertions, 1 deletions

diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index cc99433d..9f83a0db 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -506,7 +506,6 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
 
     /* Determine SSL method to use */
     switch (ssock->param.proto) {
-    case PJ_SSL_SOCK_PROTO_DEFAULT:
     case PJ_SSL_SOCK_PROTO_TLS1:
 	ssl_method = (SSL_METHOD*)TLSv1_method();
 	break;
@@ -518,6 +517,7 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
     case PJ_SSL_SOCK_PROTO_SSL3:
 	ssl_method = (SSL_METHOD*)SSLv3_method();
 	break;
+    case PJ_SSL_SOCK_PROTO_DEFAULT:
     case PJ_SSL_SOCK_PROTO_SSL23:
 	ssl_method = (SSL_METHOD*)SSLv23_method();
 	break;