From cfde494dc3631d80e1190318c942931a3cbd50b3 Mon Sep 17 00:00:00 2001
From: naf
Date: Tue, 19 Mar 2024 03:02:07 -0500
Subject: [PATCH] Add missing openssl SECLEVEL=0 support (#3890)

Previous SECLEVEL support allowed for levels 1-5. However, openssl defines levels 0-5. [1] Recent openssl versions (3.0+) have moved previous popular ciphers/key lengths (i.e. RSA1024withSHA1) into level 0, so it is now a reasonable choice to use. Add support for level 0. [1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html
---
 pjlib/src/pj/ssl_sock_ossl.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
index 5253fec05..3716f4f61 100644
--- a/pjlib/src/pj/ssl_sock_ossl.c
+++ b/pjlib/src/pj/ssl_sock_ossl.c
@@ -483,11 +483,12 @@ static pj_str_t ssl_strerror(pj_status_t status,
 */
 static const struct ssl_ciphers_t ADDITIONAL_CIPHERS[] = {
 {0xFF000000, "DEFAULT"},
- {0xFF000001, "@SECLEVEL=1"},
- {0xFF000002, "@SECLEVEL=2"},
- {0xFF000003, "@SECLEVEL=3"},
- {0xFF000004, "@SECLEVEL=4"},
- {0xFF000005, "@SECLEVEL=5"}
+ {0xFF000001, "@SECLEVEL=0"},
+ {0xFF000002, "@SECLEVEL=1"},
+ {0xFF000003, "@SECLEVEL=2"},
+ {0xFF000004, "@SECLEVEL=3"},
+ {0xFF000005, "@SECLEVEL=4"},
+ {0xFF000006, "@SECLEVEL=5"}
 };
 static const unsigned int ADDITIONAL_CIPHER_COUNT = sizeof (ADDITIONAL_CIPHERS) / sizeof (ADDITIONAL_CIPHERS[0]);
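Review bot: Renumbering the existing entries of ADDITIONAL_CIPHERS changes what each pseudo-cipher id means: `0xFF000001` selected `@SECLEVEL=1` before this patch and selects `@SECLEVEL=0` after it, and every id up to `0xFF000005` now maps one level lower. If any caller hard-codes or persists these ids (not visible from this hunk), its TLS policy is silently weakened on upgrade, down to the level the commit message says re-admits RSA-1024 with SHA-1. Keeping the five existing ids as they were and appending `{0xFF000006, "@SECLEVEL=0"}` would add level 0 without changing the meaning of any id. A comment on the new entry such as `/* @SECLEVEL=0: OpenSSL permits everything at this level; legacy interop only */` would make the trade-off visible to whoever enables it.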