res_pjsip: Make transport cipher option accept a comma separated list of cipher names.

Improvements to the res_pjsip transport cipher option.

* Made the cipher option accept a comma separated list of OpenSSL cipher
names.  Users of realtime will be glad if they have more than one name to
list.

* Added the CLI command 'pjsip list ciphers' so a user can know what
OpenSSL names are available for the cipher option.

* Updated the cipher option online XML documentation to specify what is
expected for the value.

* Updated pjsip.conf.sample to not indicate that ALL is acceptable since
ALL does not imply a preference order for the ciphers and PJSIP does not
simply pass the string to OpenSSL for interpretation.

ASTERISK-24199 #close
Reported by: Joshua Colp

Review: https://reviewboard.asterisk.org/r/4018/
........

Merged revisions 424393 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@424394 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Richard Mudgett
2014-10-02 21:52:56 +00:00
parent 9ff743e995
commit 94105b30a6
3 changed files with 119 additions and 40 deletions


@@ -653,9 +653,9 @@
<description><para>
This option only applies if <replaceable>media_encryption</replaceable> is
set to <literal>dtls</literal>.
</para><para>
Many options for acceptable ciphers. See link for more:
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
</para>
<para>Many options for acceptable ciphers. See link for more:</para>
<para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
</para></description>
</configOption>
<configOption name="dtls_ca_file">
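Review bot: The reworded description still does not say what value format this option accepts. "Many options for acceptable ciphers" plus a link to CIPHER_STRINGS leaves the reader to guess. The transport cipher option in this same patch now documents a comma separated list of cipher names, so a reader is likely to assume the same syntax applies here. Please state the expected format in the first para (an OpenSSL cipher string or a list of names, whichever the code takes) and say so explicitly if it differs from the transport option.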
@@ -820,11 +820,17 @@
<synopsis>Certificate file for endpoint (TLS ONLY)</synopsis>
</configOption>
<configOption name="cipher">
<synopsis>Preferred Cryptography Cipher (TLS ONLY)</synopsis>
<description><para>
Many options for acceptable ciphers see link for more:
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
</para></description>
<synopsis>Preferred cryptography cipher names (TLS ONLY)</synopsis>
<description>
<para>Comma separated list of cipher names or numeric equivalents.
Numeric quivalents can be either decimal or hexadecimal (0xX).
</para>
<para>There are many cipher names. Use the CLI command
<literal>pjsip list ciphers</literal> to see a list of cipher
names available for your installation. See link for more:</para>
<para>http://www.openssl.org/docs/apps/ciphers.html#CIPHER_SUITE_NAMES
</para>
</description>
</configOption>
<configOption name="domain">
<synopsis>Domain the transport comes from</synopsis>
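Review bot: The new cipher description does not tell the user that OpenSSL group keywords such as ALL are not valid here, even though the commit message gives that as the reason for changing pjsip.conf.sample (PJSIP does not pass the string to OpenSSL for interpretation). The synopsis says "Preferred" but the text never says whether list order sets the preference. Suggest adding a sentence to the first para covering both points. Also a typo in "Numeric quivalents can be either decimal or hexadecimal (0xX).": it should read "equivalents".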