res_pjsip: Make transport cipher option accept a comma separated list of cipher names.

Improvements to the res_pjsip transport cipher option. * Made the cipher option accept a comma separated list of OpenSSL cipher names. Users of realtime will be glad if they have more than one name to list. * Added the CLI command 'pjsip list ciphers' so a user can know what OpenSSL names are available for the cipher option. * Updated the cipher option online XML documentation to specify what is expected for the value. * Updated pjsip.conf.sample to not indicate that ALL is acceptable since ALL does not imply a preference order for the ciphers and PJSIP does not simply pass the string to OpenSSL for interpretation. ASTERISK-24199 #close Reported by: Joshua Colp Review: https://reviewboard.asterisk.org/r/4018/ ........ Merged revisions 424393 from http://svn.asterisk.org/svn/asterisk/branches/12 ........ Merged revisions 424394 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@424395 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 11:58:52 +00:00 · 2014-10-02 21:55:37 +00:00
parent b15cd42b5b
commit 2b0777c017
3 changed files with 119 additions and 40 deletions
--- a/configs/samples/pjsip.conf.sample
+++ b/configs/samples/pjsip.conf.sample
@@ -148,7 +148,7 @@
 ;bind=0.0.0.0
 ;cert_file=/path/mycert.crt
 ;priv_key_file=/path/mykey.key
-;cipher=ALL
+;cipher=ADH-AES256-SHA,ADH-AES128-SHA
 ;method=tlsv1


@@ -648,7 +648,7 @@
 ;ca_list_file=  ; File containing a list of certificates to read TLS ONLY
                ; (default: "")
 ;cert_file=     ; Certificate file for endpoint TLS ONLY (default: "")
-;cipher=        ; Preferred Cryptography Cipher TLS ONLY (default: "")
+;cipher=        ; Preferred cryptography cipher names TLS ONLY (default: "")
 ;domain=        ; Domain the transport comes from (default: "")
 ;external_media_address=        ; External IP address to use in RTP handling
                                ; (default: "")