kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-03 11:11:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

res_rtp_asterisk: Enable Forward Secrecy (PFS) for DTLS.

Browse Source 
Since July 2014, TLS based protocols (SIP over TLS, Secure WebSockets, HTTPS)
support PFS thanks to ASTERISK-23905. In July 2015, the same feature was added
for DTLS. The source code from main/tcptls.c should have been re-used to ease
security audits. Therefore, this change rolls back the change from July 2015 and
re-uses the code from July 2014. This has the additional benefits to work under
CentOS 7 and enabling not just ECDHE but DHE based cipher suites as well.

ASTERISK-25659 #close
Reported by: StefanEng86, urbaniak, pay123
Tested by: sarumjanuch, traud
patches:
res_rtp_asterisk.patch submitted by sarumjanuch
dtls_centos_step_1.patch submitted by traud
dtls_centos_step_2.patch submitted by traud

Change-Id: I537cadf4421f092a613146b230f2c0ee1be28d5c
This commit is contained in:
Alexander Traud
2016-06-22 14:13:39 +02:00
parent 8cea01ab1b
commit 332beb27d8
5 changed files with 57 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/asterisk/autoconfig.h.in
View File

@@ -548,9 +548,6 @@
/* Define to 1 if CRYPTO has the OpenSSL Elliptic Curve Support feature. */
#undef HAVE_OPENSSL_EC
/* Define if your system has SSL_CTX_set_ecdh_auto declared. */
#undef HAVE_OPENSSL_ECDH_AUTO
/* Define to 1 if CRYPTO has the OpenSSL SRTP Extension Support feature. */
#undef HAVE_OPENSSL_SRTP