From 2b356c2f166066c38f56743846c3614f15c0d4fa Mon Sep 17 00:00:00 2001 From: mom040267 Date: Sat, 10 Jan 2015 09:06:30 +0000 Subject: [PATCH] SSLv2 removal --- ChangeLog | 4 ++-- README.turnserver | 2 -- examples/etc/turnserver.conf | 1 - man/man1/turnserver.1 | 4 ---- src/apps/relay/mainrelay.c | 8 +++++--- src/apps/uclient/mainuclient.c | 2 +- src/apps/uclient/uclient.h | 2 ++ 7 files changed, 10 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index cc7eb311..0d5f99af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -463,9 +463,9 @@ Version 2.6.1.1 'Harding Grim': = In REST API timestamp, we are now using the expiration time (Issue 31). * Configurable cipher suite in the TURN server. - * SSL3 support. + * SSLv3 support. * TLS 1.1 and 1.2 support. - * SSL2 "encapsulation" mode support. + * SSLv2 "encapsulation" mode support. * NULL OpenSSL cipher is allowed to be negotiated between server and client. * -U option (NULL cipher) added to the test client. diff --git a/README.turnserver b/README.turnserver index 5add8ab8..aab31884 100644 --- a/README.turnserver +++ b/README.turnserver @@ -191,8 +191,6 @@ Flags: --dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066. ---no-sslv2 Do not allow SSLv2 protocol. - --no-sslv3 Do not allow SSLv3 protocol. --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol. diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf index 2ba9d673..1f0908cf 100644 --- a/examples/etc/turnserver.conf +++ b/examples/etc/turnserver.conf @@ -625,7 +625,6 @@ # Do not allow an SSL/TLS/DTLS version of protocol # -#no-sslv2 #no-sslv3 #no-tlsv1 #no-tlsv1_1 diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index f655a51a..8b69332b 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 
@@ -282,10 +282,6 @@ Use 566 bits predefined DH TLS key. Default size of the key is 1066. Use 2066 bits predefined DH TLS key. Default size of the key is 1066. .TP .B -\fB\-\-no\-sslv2\fP -Do not allow SSLv2 protocol. -.TP -.B \fB\-\-no\-sslv3\fP Do not allow SSLv3 protocol. .TP diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 886b10e7..eb4c19d7 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -81,7 +81,8 @@ NULL, DH_1066, "", "", "", "turn_server_cert.pem","turn_server_pkey.pem", "", "", -0,0,0,0,0, +1, +0,0,0,0, #if !TLS_SUPPORTED 1, #else @@ -518,7 +519,6 @@ static char Usage[] = "Usage: turnserver [options]\n" " --dh2066 Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n" " --dh-file Use custom DH TLS key, stored in PEM format in the file.\n" " Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n" -" --no-sslv2 Do not allow SSLv2 protocol.\n" " --no-sslv3 Do not allow SSLv3 protocol.\n" " --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n" " --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n" @@ -908,7 +908,7 @@ static void set_option(int c, char *value) turn_params.oauth = get_bool_value(value); break; case NO_SSLV2_OPT: - turn_params.no_sslv2 = get_bool_value(value); + //deprecated break; case NO_SSLV3_OPT: turn_params.no_sslv3 = get_bool_value(value); @@ -2531,9 +2531,11 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol) { int op = 0; +#if !defined(OPENSSL_NO_SSL2) #if defined(SSL_OP_NO_SSLv2) if(turn_params.no_sslv2) op |= SSL_OP_NO_SSLv2; +#endif #endif if(turn_params.no_sslv3) op |= SSL_OP_NO_SSLv3; diff --git a/src/apps/uclient/mainuclient.c b/src/apps/uclient/mainuclient.c index d19a95b1..9f14237d 100644 --- a/src/apps/uclient/mainuclient.c +++ b/src/apps/uclient/mainuclient.c 
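Review bot: The new default is added positionally (`1,` followed by `0,0,0,0,`) into a static initializer whose struct definition is outside the hunk, so nothing in the patch shows which field the `1` lands on and a later field reorder would silently move it. A designated initializer, `.no_sslv2 = 1,` (C99, which the `//` comments in this file already imply), would pin the intent to the field name. If the surrounding initializer is entirely positional and the project avoids mixing styles, a comment on that line, `1, /* no_sslv2: SSLv2 is always disabled */`, is the minimum that keeps the next reader from having to count fields.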
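Review bot: The `NO_SSLV2_OPT` case now discards the value with only `//deprecated`, so an operator who still passes `--no-sslv2` in a config file or on the command line gets no indication that the flag is a no-op, and one who passes `--no-sslv2=0` gets no indication that SSLv2 cannot be re-enabled. Since the option is still parsed, log a one-time warning here through whatever logging call set_option already uses, and replace the bare tag with a comment that states the contract, e.g. `/* deprecated: SSLv2 is unconditionally disabled; the flag is accepted only so old configs keep loading */`. The set_option switch starts and ends outside the hunk.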
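Review bot: Disabling SSLv2 still depends on `turn_params.no_sslv2` being true at the `if(turn_params.no_sslv2) op |= SSL_OP_NO_SSLv2;` line, yet after this patch the field is set only by a positional default and can no longer be changed through set_option, so the conditional buys nothing and any future code path that clears the field would quietly re-enable SSLv2. Given the commit's stated intent, set the option unconditionally: `#if defined(SSL_OP_NO_SSLv2)` / `op |= SSL_OP_NO_SSLv2; /* SSLv2 is never negotiated */` / `#endif`, and drop the `turn_params.no_sslv2` test. The added outer `#if !defined(OPENSSL_NO_SSL2)` guard also looks redundant: in the OpenSSL releases I am aware of `SSL_OP_NO_SSLv2` is defined by the headers whether or not SSLv2 was compiled in, and setting it on a build without SSLv2 is harmless, so the nested guards only obscure which condition actually matters. set_ctx continues past the end of the hunk.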
@@ -496,7 +496,7 @@ int main(int argc, char **argv) SSL_load_error_strings(); OpenSSL_add_ssl_algorithms(); - const char *csuite = "ALL:SSLv2"; //"AES256-SHA" "DH" + const char *csuite = "ALL"; //"AES256-SHA" "DH" if(use_null_cipher) csuite = "eNULL"; else if(cipher_suite[0]) diff --git a/src/apps/uclient/uclient.h b/src/apps/uclient/uclient.h index 3d0267d6..dde2b887 100644 --- a/src/apps/uclient/uclient.h +++ b/src/apps/uclient/uclient.h @@ -36,6 +36,8 @@ #include "session.h" #include +#include +#include #ifdef __cplusplus extern "C" {
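Review bot: The new default cipher string `"ALL"` still admits anonymous (aNULL) key exchange and the export/LOW-strength suites that OpenSSL's `DEFAULT` list excludes, so the test client will complete a handshake with a server that presents no usable certificate at all; whether that is a problem depends on whether uclient verifies the peer certificate, which is outside this hunk. If the client is meant to behave like a real TURN client, `const char *csuite = "ALL:!aNULL:!eNULL:!LOW:!EXPORT";` (or simply `"DEFAULT"`) is the safer baseline, and the existing `use_null_cipher` branch still lets a tester opt into `eNULL` explicitly. The trailing `//"AES256-SHA" "DH"` remnant no longer documents anything; replace it with a comment stating why the broad list was chosen, e.g. `/* broad list on purpose: the test client must be able to exercise every suite the server may offer */`. main continues beyond the hunk.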