Commit 6cbc4109 authored by Rafaël Carré's avatar Rafaël Carré

Disable SSLv2 support from pjsip and sflphone

SSLv2 support has been removed from OpenSSL in Ubuntu Oneiric
parent 4cfad87c
......@@ -307,15 +307,6 @@ typedef enum pj_ssl_cipher {
PJ_SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x0000001D,
PJ_SSL_FORTEZZA_KEA_WITH_RC4_128_SHA = 0x0000001E,
/* SSLv2 */
PJ_SSL_CK_RC4_128_WITH_MD5 = 0x00010080,
PJ_SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x00020080,
PJ_SSL_CK_RC2_128_CBC_WITH_MD5 = 0x00030080,
PJ_SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x00040080,
PJ_SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x00050080,
PJ_SSL_CK_DES_64_CBC_WITH_MD5 = 0x00060040,
PJ_SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x000700C0
} pj_ssl_cipher;
......@@ -466,9 +457,7 @@ typedef enum pj_ssl_sock_proto
PJ_SSL_SOCK_PROTO_DEFAULT, /**< Default protocol of backend. */
PJ_SSL_SOCK_PROTO_TLS1, /**< TLSv1.0 protocol. */
PJ_SSL_SOCK_PROTO_SSL3, /**< SSLv3.0 protocol. */
PJ_SSL_SOCK_PROTO_SSL23, /**< SSLv3.0 but can roll back to
SSLv2.0. */
PJ_SSL_SOCK_PROTO_SSL2, /**< SSLv2.0 protocol. */
PJ_SSL_SOCK_PROTO_SSL23, /**< SSLv3.0 but can roll back to SSLv2.0. */
PJ_SSL_SOCK_PROTO_DTLS1 /**< DTLSv1.0 protocol. */
} pj_ssl_sock_proto;
......
......@@ -310,8 +310,6 @@ static pj_status_t init_openssl(void)
meth = (SSL_METHOD*)TLSv1_server_method();
if (!meth)
meth = (SSL_METHOD*)SSLv3_server_method();
if (!meth)
meth = (SSL_METHOD*)SSLv2_server_method();
pj_assert(meth);
ctx=SSL_CTX_new(meth);
......@@ -488,9 +486,6 @@ static pj_status_t create_ssl(pj_ssl_sock_t *ssock)
case PJ_SSL_SOCK_PROTO_TLS1:
ssl_method = (SSL_METHOD*)TLSv1_method();
break;
case PJ_SSL_SOCK_PROTO_SSL2:
ssl_method = (SSL_METHOD*)SSLv2_method();
break;
case PJ_SSL_SOCK_PROTO_SSL3:
ssl_method = (SSL_METHOD*)SSLv3_method();
break;
......
......@@ -304,9 +304,6 @@ PJ_DEF(pj_status_t) pjsip_tls_transport_start (pjsip_endpoint *endpt,
case PJSIP_TLSV1_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
break;
case PJSIP_SSLV2_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
break;
case PJSIP_SSLV3_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
break;
......@@ -881,9 +878,6 @@ static pj_status_t lis_create_transport(pjsip_tpfactory *factory,
case PJSIP_TLSV1_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_TLS1;
break;
case PJSIP_SSLV2_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL2;
break;
case PJSIP_SSLV3_METHOD:
ssock_param.proto = PJ_SSL_SOCK_PROTO_SSL3;
break;
......
......@@ -351,9 +351,6 @@ static pj_status_t create_ctx( struct tls_listener *lis, SSL_CTX **p_ctx)
case PJSIP_TLSV1_METHOD:
ssl_method = TLSv1_method();
break;
case PJSIP_SSLV2_METHOD:
ssl_method = SSLv2_method();
break;
case PJSIP_SSLV3_METHOD:
ssl_method = SSLv3_method();
break;
......
......@@ -175,7 +175,6 @@ std::vector<std::string> ConfigurationManager::getSupportedTlsMethod (void)
std::vector<std::string> method;
method.push_back ("Default");
method.push_back ("TLSv1");
method.push_back ("SSLv2");
method.push_back ("SSLv3");
method.push_back ("SSLv23");
return method;
......
......@@ -576,9 +576,6 @@ pjsip_ssl_method SIPAccount::sslMethodStringToPjEnum (const std::string& method)
if (method == "TLSv1")
return PJSIP_TLSV1_METHOD;
if (method == "SSLv2")
return PJSIP_SSLV2_METHOD;
if (method == "SSLv3")
return PJSIP_SSLV3_METHOD;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment