From fb8dc8a7362ad00334819e86ff374bfdde46c91b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A9sz=C3=A1ros=20Mih=C3=A1ly?= Date: Wed, 15 Apr 2020 22:07:26 +0200 Subject: [PATCH] Change DH key size default from 1066 to 2066 --- README.turnserver | 6 +++--- man/man1/turnadmin.1 | 2 +- man/man1/turnserver.1 | 10 +++++----- man/man1/turnutils.1 | 2 +- src/apps/relay/mainrelay.c | 22 +++++++++++----------- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/README.turnserver b/README.turnserver index 4f2b28d0..0d14a8fa 100644 --- a/README.turnserver +++ b/README.turnserver @@ -190,9 +190,9 @@ Flags: --oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635. ---dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066. +--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 2066. ---dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066. +--dh1066 Use 1066 bits predefined DH TLS key. Default size of the key is 2066. --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol. @@ -457,7 +457,7 @@ Options with values: by this option. --dh-file Use custom DH TLS key, stored in PEM format in the file. - Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file. + Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file. -l, --log-file Option to set the full path name of the log file. By default, the turnserver tries to open a log file in diff --git a/man/man1/turnadmin.1 b/man/man1/turnadmin.1 index 92b16624..328b53ce 100644 --- a/man/man1/turnadmin.1 +++ b/man/man1/turnadmin.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "12 February 2020" "" "" +.TH TURN 1 "15 April 2020" "" "" .SH GENERAL INFORMATION \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage diff --git a/man/man1/turnserver.1 b/man/man1/turnserver.1 index 6c7e96a4..24f45b96 100644 --- a/man/man1/turnserver.1 +++ b/man/man1/turnserver.1 
@@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "12 February 2020" "" "" +.TH TURN 1 "15 April 2020" "" "" .SH GENERAL INFORMATION The \fBTURN Server\fP project contains the source code of a TURN server and TURN client @@ -281,11 +281,11 @@ Support oAuth authentication, as in the third\-party STUN/TURN RFC 7635. .TP .B \fB\-\-dh566\fP -Use 566 bits predefined DH TLS key. Default size of the key is 1066. +Use 566 bits predefined DH TLS key. Default size of the key is 2066. .TP .B -\fB\-\-dh2066\fP -Use 2066 bits predefined DH TLS key. Default size of the key is 1066. +\fB\-\-dh1066\fP +Use 1066 bits predefined DH TLS key. Default size of the key is 2066. .TP .B \fB\-\-no\-tlsv1\fP @@ -667,7 +667,7 @@ by this option. .B \fB\-\-dh\-file\fP Use custom DH TLS key, stored in PEM format in the file. -Flags \fB\-\-dh566\fP and \fB\-\-dh2066\fP are ignored when the DH key is taken from a file. +Flags \fB\-\-dh566\fP and \fB\-\-dh1066\fP are ignored when the DH key is taken from a file. .TP .B \fB\-l\fP, \fB\-\-log\-file\fP diff --git a/man/man1/turnutils.1 b/man/man1/turnutils.1 index 7da65528..9a0778c8 100644 --- a/man/man1/turnutils.1 +++ b/man/man1/turnutils.1 @@ -1,5 +1,5 @@ .\" Text automatically generated by txt2man -.TH TURN 1 "12 February 2020" "" "" +.TH TURN 1 "15 April 2020" "" "" .SH GENERAL INFORMATION A set of turnutils_* programs provides some utility functionality to be used diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c index 6710da6d..82be5457 100644 --- a/src/apps/relay/mainrelay.c +++ b/src/apps/relay/mainrelay.c @@ -90,7 +90,7 @@ NULL, NULL, #endif -DH_1066, "", "", "", +DH_2066, "", "", "", "turn_server_cert.pem","turn_server_pkey.pem", "", "", 0,0,0, #if !TLS_SUPPORTED 
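Review bot: The new `DH_2066,` initializer value is what the sentence "Default size of the predefined key is 2066" in the Usage string, README.turnserver and turnserver.1 promises, and all four places are updated by hand in this commit; a comment on the initializer line, e.g. `DH_2066, /* default DH group; must match the --dh* help text, README.turnserver and the man page */ "", "", "",`, would make that coupling visible the next time the default changes. The field this value initializes (presumably `dh_key_size`, which `set_option` writes) is not named in the hunk, and the initializer it belongs to starts and ends outside it.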
@@ -555,10 +555,10 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n"
 " an optimal curve will be automatically calculated, if not defined\n"
 " by this option.\n"
-" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
-" --dh2066 Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
+" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
+" --dh1066 Use 1066 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
 " --dh-file Use custom DH TLS key, stored in PEM format in the file.\n"
-" Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n"
+" Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.\n"
 " --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n"
 " --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n"
 " --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n"
@@ -766,7 +766,7 @@ enum EXTRA_OPTS {
 CLI_MAX_SESSIONS_OPT,
 EC_CURVE_NAME_OPT,
 DH566_OPT,
- DH2066_OPT,
+ DH1066_OPT,
 NE_TYPE_OPT,
 NO_SSLV2_OPT, /*deprecated*/
 NO_SSLV3_OPT, /*deprecated*/
@@ -896,7 +896,7 @@ static const struct myoption long_options[] = {
 { "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT },
 { "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT },
 { "dh566", optional_argument, NULL, DH566_OPT },
- { "dh2066", optional_argument, NULL, DH2066_OPT },
+ { "dh1066", optional_argument, NULL, DH1066_OPT },
 { "ne", required_argument, NULL, NE_TYPE_OPT },
 { "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
 { "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */
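Review bot: The rewritten `--dh566` and `--dh1066` help lines present the smaller predefined groups as neutral alternatives to the new 2066-bit default, so nothing tells an operator that picking them lowers the strength of every TLS/DTLS handshake, and current TLS peers may refuse a 566-bit group outright, which is presumably why the default is being raised. A short caveat on each line would steer operators to the default, e.g. `" --dh566 Use 566 bits predefined DH TLS key (legacy, weaker than the default; only for compatibility). Default size of the predefined key is 2066.\n"` with the same wording on the `--dh1066` line. The Usage array begins and ends outside the hunk.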
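Review bot: Renaming `DH2066_OPT` to `DH1066_OPT` here, together with replacing the `"dh2066"` entry in `long_options` in the next hunk and the `case DH2066_OPT:` branch in `set_option` in the following hunk, removes the `--dh2066` flag with no alias, so existing command lines and config files that name it would presumably be rejected as an unknown option even though they ask for exactly the new default. Keeping the old spelling accepted is three small additions: leave `DH2066_OPT,` in the enum next to the new `DH1066_OPT,`, keep `{ "dh2066", optional_argument, NULL, DH2066_OPT },` beside the new `dh1066` entry, and restore the `case DH2066_OPT:` branch in `set_option` that sets `turn_params.dh_key_size = DH_2066;`. If the flag is meant to go away, a `/*deprecated*/` marker like the ones already on `NO_SSLV2_OPT` and `NO_SSLV3_OPT` would at least document the break for one release.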
@@ -1162,9 +1162,9 @@ static void set_option(int c, char *value)
 if(get_bool_value(value))
 turn_params.dh_key_size = DH_566;
 break;
- case DH2066_OPT:
+ case DH1066_OPT:
 if(get_bool_value(value))
- turn_params.dh_key_size = DH_2066;
+ turn_params.dh_key_size = DH_1066;
 break;
 case EC_CURVE_NAME_OPT:
 STRCPY(turn_params.ec_curve_name,value);
@@ -2899,10 +2899,10 @@ static void set_ctx(SSL_CTX** out, const char *protocol, const SSL_METHOD* metho
 if(!dh) {
 if(turn_params.dh_key_size == DH_566)
 dh = get_dh566();
- else if(turn_params.dh_key_size == DH_2066)
- dh = get_dh2066();
- else
+ else if(turn_params.dh_key_size == DH_1066)
 dh = get_dh1066();
+ else
+ dh = get_dh2066();
 }
 
 /*
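Review bot: The new `else` branch in `set_ctx` makes every `dh_key_size` value other than `DH_566` and `DH_1066` select `get_dh2066()`, which is the intended default but also silently absorbs any stray or future value; a `switch` with an explicit `default:` states that fallback on purpose and, if `dh_key_size` is an enum (its type is not visible here), lets `-Wswitch` report a size that is added later but not handled. The `if(!dh)` block is complete in the hunk, but `set_ctx` itself starts and ends outside it.
```c
if(!dh) {
	switch(turn_params.dh_key_size) {
	case DH_566:
		dh = get_dh566();
		break;
	case DH_1066:
		dh = get_dh1066();
		break;
	default:
		/* DH_2066 is the documented default; also reached for any unrecognised size */
		dh = get_dh2066();
		break;
	}
}
```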