mirrors/coturn
1
0
Fork 0
mirror of https://github.com/coturn/coturn.git synced 2025-10-23 20:11:17 +02:00
Code Issues Projects Releases Wiki Activity

Change DH key size default from 1066 to 2066

Browse Source
This commit is contained in:
Mészáros Mihály 2020-04-15 22:07:26 +02:00
parent 4722697645
commit fb8dc8a736
5 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.turnserver
View File

@ -190,9 +190,9 @@ Flags:
--oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635. --oauth Support oAuth authentication, as in the third-party STUN/TURN RFC 7635.
--dh566 Use 566 bits predefined DH TLS key. Default size of the key is 1066. --dh566 Use 566 bits predefined DH TLS key. Default size of the key is 2066.
--dh2066 Use 2066 bits predefined DH TLS key. Default size of the key is 1066. --dh1066 Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
--no-tlsv1 Do not allow TLSv1/DTLSv1 protocol. --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.
@ -457,7 +457,7 @@ Options with values:
by this option. by this option.
--dh-file Use custom DH TLS key, stored in PEM format in the file. --dh-file Use custom DH TLS key, stored in PEM format in the file.
Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file. Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.
-l, --log-file Option to set the full path name of the log file. -l, --log-file Option to set the full path name of the log file.
By default, the turnserver tries to open a log file in By default, the turnserver tries to open a log file in

2
man/man1/turnadmin.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "12 February 2020" "" "" .TH TURN 1 "15 April 2020" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage \fIturnadmin\fP is a TURN administration tool. This tool can be used to manage

10
man/man1/turnserver.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "12 February 2020" "" "" .TH TURN 1 "15 April 2020" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@ -281,11 +281,11 @@ Support oAuth authentication, as in the third\-party STUN/TURN RFC 7635.
.TP .TP
.B .B
\fB\-\-dh566\fP \fB\-\-dh566\fP
Use 566 bits predefined DH TLS key. Default size of the key is 1066. Use 566 bits predefined DH TLS key. Default size of the key is 2066.
.TP .TP
.B .B
\fB\-\-dh2066\fP \fB\-\-dh1066\fP
Use 2066 bits predefined DH TLS key. Default size of the key is 1066. Use 1066 bits predefined DH TLS key. Default size of the key is 2066.
.TP .TP
.B .B
\fB\-\-no\-tlsv1\fP \fB\-\-no\-tlsv1\fP
@ -667,7 +667,7 @@ by this option.
.B .B
\fB\-\-dh\-file\fP \fB\-\-dh\-file\fP
Use custom DH TLS key, stored in PEM format in the file. Use custom DH TLS key, stored in PEM format in the file.
Flags \fB\-\-dh566\fP and \fB\-\-dh2066\fP are ignored when the DH key is taken from a file. Flags \fB\-\-dh566\fP and \fB\-\-dh1066\fP are ignored when the DH key is taken from a file.
.TP .TP
.B .B
\fB\-l\fP, \fB\-\-log\-file\fP \fB\-l\fP, \fB\-\-log\-file\fP

2
man/man1/turnutils.1
View File

@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man .\" Text automatically generated by txt2man
.TH TURN 1 "12 February 2020" "" "" .TH TURN 1 "15 April 2020" "" ""
.SH GENERAL INFORMATION .SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used A set of turnutils_* programs provides some utility functionality to be used

22
src/apps/relay/mainrelay.c
View File

@ -90,7 +90,7 @@ NULL,
NULL, NULL,
#endif #endif
DH_1066, "", "", "", DH_2066, "", "", "",
"turn_server_cert.pem","turn_server_pkey.pem", "", "", "turn_server_cert.pem","turn_server_pkey.pem", "", "",
0,0,0, 0,0,0,
#if !TLS_SUPPORTED #if !TLS_SUPPORTED
@ -555,10 +555,10 @@ static char Usage[] = "Usage: turnserver [options]\n"
" if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n" " if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,\n"
" an optimal curve will be automatically calculated, if not defined\n" " an optimal curve will be automatically calculated, if not defined\n"
" by this option.\n" " by this option.\n"
" --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 1066.\n" " --dh566 Use 566 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
" --dh2066 Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n" " --dh1066 Use 1066 bits predefined DH TLS key. Default size of the predefined key is 2066.\n"
" --dh-file <dh-file-name> Use custom DH TLS key, stored in PEM format in the file.\n" " --dh-file <dh-file-name> Use custom DH TLS key, stored in PEM format in the file.\n"
" Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n" " Flags --dh566 and --dh1066 are ignored when the DH key is taken from a file.\n"
" --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n" " --no-tlsv1 Do not allow TLSv1/DTLSv1 protocol.\n"
" --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n" " --no-tlsv1_1 Do not allow TLSv1.1 protocol.\n"
" --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n" " --no-tlsv1_2 Do not allow TLSv1.2/DTLSv1.2 protocol.\n"
@ -766,7 +766,7 @@ enum EXTRA_OPTS {
CLI_MAX_SESSIONS_OPT, CLI_MAX_SESSIONS_OPT,
EC_CURVE_NAME_OPT, EC_CURVE_NAME_OPT,
DH566_OPT, DH566_OPT,
DH2066_OPT, DH1066_OPT,
NE_TYPE_OPT, NE_TYPE_OPT,
NO_SSLV2_OPT, /*deprecated*/ NO_SSLV2_OPT, /*deprecated*/
NO_SSLV3_OPT, /*deprecated*/ NO_SSLV3_OPT, /*deprecated*/
@ -896,7 +896,7 @@ static const struct myoption long_options[] = {
{ "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT }, { "cli-max-output-sessions", required_argument, NULL, CLI_MAX_SESSIONS_OPT },
{ "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT }, { "ec-curve-name", required_argument, NULL, EC_CURVE_NAME_OPT },
{ "dh566", optional_argument, NULL, DH566_OPT }, { "dh566", optional_argument, NULL, DH566_OPT },
{ "dh2066", optional_argument, NULL, DH2066_OPT }, { "dh1066", optional_argument, NULL, DH1066_OPT },
{ "ne", required_argument, NULL, NE_TYPE_OPT }, { "ne", required_argument, NULL, NE_TYPE_OPT },
{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */ { "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
{ "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */ { "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT }, /* deprecated */
@ -1162,9 +1162,9 @@ static void set_option(int c, char *value)
if(get_bool_value(value)) if(get_bool_value(value))
turn_params.dh_key_size = DH_566; turn_params.dh_key_size = DH_566;
break; break;
case DH2066_OPT: case DH1066_OPT:
if(get_bool_value(value)) if(get_bool_value(value))
turn_params.dh_key_size = DH_2066; turn_params.dh_key_size = DH_1066;
break; break;
case EC_CURVE_NAME_OPT: case EC_CURVE_NAME_OPT:
STRCPY(turn_params.ec_curve_name,value); STRCPY(turn_params.ec_curve_name,value);
@ -2899,10 +2899,10 @@ static void set_ctx(SSL_CTX** out, const char *protocol, const SSL_METHOD* metho
if(!dh) { if(!dh) {
if(turn_params.dh_key_size == DH_566) if(turn_params.dh_key_size == DH_566)
dh = get_dh566(); dh = get_dh566();
else if(turn_params.dh_key_size == DH_2066) else if(turn_params.dh_key_size == DH_1066)
dh = get_dh2066();
else
dh = get_dh1066(); dh = get_dh1066();
else
dh = get_dh2066();
} }
/* /*