mirror of
				https://github.com/coturn/coturn.git
				synced 2025-10-25 21:11:00 +02:00 
			
		
		
		
	SSLv2 removal
		
							parent
							
								
									5cd0d33c31
								
							
						
					
					
						commit
						2b356c2f16
					
				| @ -463,9 +463,9 @@ Version 2.6.1.1 'Harding Grim': | |||||||
| 			= In REST API timestamp, we are now using | 			= In REST API timestamp, we are now using | ||||||
| 				the expiration time (Issue 31). | 				the expiration time (Issue 31). | ||||||
| 		* Configurable cipher suite in the TURN server. | 		* Configurable cipher suite in the TURN server. | ||||||
| 		* SSL3 support. | 		* SSLv3 support. | ||||||
| 		* TLS 1.1 and 1.2 support. | 		* TLS 1.1 and 1.2 support. | ||||||
| 		* SSL2 "encapsulation" mode support. | 		* SSLv2 "encapsulation" mode support. | ||||||
| 		* NULL OpenSSL cipher is allowed to be negotiated between | 		* NULL OpenSSL cipher is allowed to be negotiated between | ||||||
| 			server and client. | 			server and client. | ||||||
| 		* -U option (NULL cipher) added to the test client. | 		* -U option (NULL cipher) added to the test client. | ||||||
|  | |||||||
| @ -191,8 +191,6 @@ Flags: | |||||||
| 
 | 
 | ||||||
| --dh2066		Use 2066 bits predefined DH TLS key. Default size of the key is 1066. | --dh2066		Use 2066 bits predefined DH TLS key. Default size of the key is 1066. | ||||||
| 
 | 
 | ||||||
| --no-sslv2		Do not allow SSLv2 protocol. |  | ||||||
| 
 |  | ||||||
| --no-sslv3		Do not allow SSLv3 protocol. | --no-sslv3		Do not allow SSLv3 protocol. | ||||||
| 
 | 
 | ||||||
| --no-tlsv1		Do not allow TLSv1/DTLSv1 protocol. | --no-tlsv1		Do not allow TLSv1/DTLSv1 protocol. | ||||||
|  | |||||||
| @ -625,7 +625,6 @@ | |||||||
| 
 | 
 | ||||||
| # Do not allow an SSL/TLS/DTLS version of protocol | # Do not allow an SSL/TLS/DTLS version of protocol | ||||||
| # | # | ||||||
| #no-sslv2 |  | ||||||
| #no-sslv3 | #no-sslv3 | ||||||
| #no-tlsv1 | #no-tlsv1 | ||||||
| #no-tlsv1_1 | #no-tlsv1_1 | ||||||
|  | |||||||
| @ -282,10 +282,6 @@ Use 566 bits predefined DH TLS key. Default size of the key is 1066. | |||||||
| Use 2066 bits predefined DH TLS key. Default size of the key is 1066. | Use 2066 bits predefined DH TLS key. Default size of the key is 1066. | ||||||
| .TP | .TP | ||||||
| .B | .B | ||||||
| \fB\-\-no\-sslv2\fP |  | ||||||
| Do not allow SSLv2 protocol. |  | ||||||
| .TP |  | ||||||
| .B |  | ||||||
| \fB\-\-no\-sslv3\fP | \fB\-\-no\-sslv3\fP | ||||||
| Do not allow SSLv3 protocol. | Do not allow SSLv3 protocol. | ||||||
| .TP | .TP | ||||||
|  | |||||||
| @ -81,7 +81,8 @@ NULL, | |||||||
| 
 | 
 | ||||||
| DH_1066, "", "", "", | DH_1066, "", "", "", | ||||||
| "turn_server_cert.pem","turn_server_pkey.pem", "", "", | "turn_server_cert.pem","turn_server_pkey.pem", "", "", | ||||||
| 0,0,0,0,0, | 1, | ||||||
|  | 0,0,0,0, | ||||||
| #if !TLS_SUPPORTED | #if !TLS_SUPPORTED | ||||||
| 1, | 1, | ||||||
| #else | #else | ||||||
| @ -518,7 +519,6 @@ static char Usage[] = "Usage: turnserver [options]\n" | |||||||
| " --dh2066					Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n" | " --dh2066					Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n" | ||||||
| " --dh-file	<dh-file-name>			Use custom DH TLS key, stored in PEM format in the file.\n" | " --dh-file	<dh-file-name>			Use custom DH TLS key, stored in PEM format in the file.\n" | ||||||
| "						Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n" | "						Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n" | ||||||
| " --no-sslv2					Do not allow SSLv2 protocol.\n" |  | ||||||
| " --no-sslv3					Do not allow SSLv3 protocol.\n" | " --no-sslv3					Do not allow SSLv3 protocol.\n" | ||||||
| " --no-tlsv1					Do not allow TLSv1/DTLSv1 protocol.\n" | " --no-tlsv1					Do not allow TLSv1/DTLSv1 protocol.\n" | ||||||
| " --no-tlsv1_1					Do not allow TLSv1.1 protocol.\n" | " --no-tlsv1_1					Do not allow TLSv1.1 protocol.\n" | ||||||
| @ -908,7 +908,7 @@ static void set_option(int c, char *value) | |||||||
| 	  turn_params.oauth = get_bool_value(value); | 	  turn_params.oauth = get_bool_value(value); | ||||||
| 	  break; | 	  break; | ||||||
|   case NO_SSLV2_OPT: |   case NO_SSLV2_OPT: | ||||||
| 	  turn_params.no_sslv2 = get_bool_value(value); |     //deprecated
 | ||||||
| 	  break; | 	  break; | ||||||
|   case NO_SSLV3_OPT: |   case NO_SSLV3_OPT: | ||||||
| 	  turn_params.no_sslv3 = get_bool_value(value); | 	  turn_params.no_sslv3 = get_bool_value(value); | ||||||
| @ -2531,9 +2531,11 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol) | |||||||
| 	{ | 	{ | ||||||
| 		int op = 0; | 		int op = 0; | ||||||
| 
 | 
 | ||||||
|  | #if !defined(OPENSSL_NO_SSL2) | ||||||
| #if defined(SSL_OP_NO_SSLv2) | #if defined(SSL_OP_NO_SSLv2) | ||||||
| 		if(turn_params.no_sslv2) | 		if(turn_params.no_sslv2) | ||||||
| 			op |= SSL_OP_NO_SSLv2; | 			op |= SSL_OP_NO_SSLv2; | ||||||
|  | #endif | ||||||
| #endif | #endif | ||||||
| 		if(turn_params.no_sslv3) | 		if(turn_params.no_sslv3) | ||||||
| 			op |= SSL_OP_NO_SSLv3; | 			op |= SSL_OP_NO_SSLv3; | ||||||
|  | |||||||
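Review bot: In the `set_ctx` hunk, `SSL_OP_NO_SSLv2` is still applied only when `turn_params.no_sslv2` is non-zero, so SSLv2 stays off only because of the positional `1,` added to the default initializer earlier in this file (presumably the `no_sslv2` slot). Since `set_option` no longer writes that field, the conditional adds nothing. A reordered struct or another writer not visible here would quietly re-enable SSLv2 on OpenSSL builds that still ship it, so setting the flag unconditionally with `op |= SSL_OP_NO_SSLv2;` inside the existing `#if defined(SSL_OP_NO_SSLv2)` guard is the sturdier form. The `NO_SSLV2_OPT` case also swallows the option silently behind `//deprecated`; a one-line log warning that `--no-sslv2` is deprecated and ignored would help operators carrying old configuration files. Both `set_ctx` and `set_option` continue outside the visible hunks.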
| @ -496,7 +496,7 @@ int main(int argc, char **argv) | |||||||
| 		SSL_load_error_strings(); | 		SSL_load_error_strings(); | ||||||
| 		OpenSSL_add_ssl_algorithms(); | 		OpenSSL_add_ssl_algorithms(); | ||||||
| 
 | 
 | ||||||
| 		const char *csuite = "ALL:SSLv2"; //"AES256-SHA" "DH"
 | 		const char *csuite = "ALL"; //"AES256-SHA" "DH"
 | ||||||
| 		if(use_null_cipher) | 		if(use_null_cipher) | ||||||
| 			csuite = "eNULL"; | 			csuite = "eNULL"; | ||||||
| 		else if(cipher_suite[0]) | 		else if(cipher_suite[0]) | ||||||
|  | |||||||
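Review bot: The new default `csuite = "ALL"` in what appears to be the test client's `main` drops the SSLv2 suites, but under OpenSSL's cipher-list semantics `ALL` still admits anonymous (aNULL) suites and, on builds that compile them in, export- and low-strength suites. If that breadth is deliberate for interoperability testing, a comment such as `/* test client: deliberately broad cipher list, not a production recommendation */` should replace the unexplained trailing `//"AES256-SHA" "DH"`. Otherwise `"DEFAULT"` is the narrower choice. `main` continues outside the hunk.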
| @ -36,6 +36,8 @@ | |||||||
| #include "session.h" | #include "session.h" | ||||||
| 
 | 
 | ||||||
| #include <openssl/ssl.h> | #include <openssl/ssl.h> | ||||||
|  | #include <openssl/dh.h> | ||||||
|  | #include <openssl/bn.h> | ||||||
| 
 | 
 | ||||||
| #ifdef __cplusplus | #ifdef __cplusplus | ||||||
| extern "C" { | extern "C" { | ||||||
|  | |||||||