sysmocom
/
pjproject
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing openssl SECLEVEL=0 support (#3890) 

Previous SECLEVEL support allowed for levels 1-5.
However, openssl defines levels 0-5. [1]

Recent openssl versions (3.0+) have moved previous
popular ciphers/key lengths (i.e. RSA1024withSHA1)
into level 0, so it is now a reasonable choice to use.

Add support for level 0.

[1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html
This commit is contained in:
naf 2024-03-19 03:02:07 -05:00 committed by GitHub
parent a974061441
commit cfde494dc3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pjlib/src/pj/ssl_sock_ossl.c
View File

@ -483,11 +483,12 @@ static pj_str_t ssl_strerror(pj_status_t status,
*/
static const struct ssl_ciphers_t ADDITIONAL_CIPHERS[] = {
{0xFF000000, "DEFAULT"},
{0xFF000001, "@SECLEVEL=1"},
{0xFF000002, "@SECLEVEL=2"},
{0xFF000003, "@SECLEVEL=3"},
{0xFF000004, "@SECLEVEL=4"},
{0xFF000005, "@SECLEVEL=5"}
{0xFF000001, "@SECLEVEL=0"},
{0xFF000002, "@SECLEVEL=1"},
{0xFF000003, "@SECLEVEL=2"},
{0xFF000004, "@SECLEVEL=3"},
{0xFF000005, "@SECLEVEL=4"},
{0xFF000006, "@SECLEVEL=5"}
};
static const unsigned int ADDITIONAL_CIPHER_COUNT =
sizeof (ADDITIONAL_CIPHERS) / sizeof (ADDITIONAL_CIPHERS[0]);