diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.h b/src/mod/endpoints/mod_sofia/mod_sofia.h
index e307a005ba..25b98725e7 100644
--- a/src/mod/endpoints/mod_sofia/mod_sofia.h
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.h
@@ -399,6 +399,14 @@ typedef enum {
 SOFIA_TRANSPORT_WSS
 } sofia_transport_t;
 
+typedef enum {
+ SOFIA_TLS_VERSION_SSLv2 = (1 << 0),
+ SOFIA_TLS_VERSION_SSLv3 = (1 << 1),
+ SOFIA_TLS_VERSION_TLSv1 = (1 << 2),
+ SOFIA_TLS_VERSION_TLSv1_1 = (1 << 3),
+ SOFIA_TLS_VERSION_TLSv1_2 = (1 << 4),
+} sofia_tls_version_t;
+
 typedef enum {
 SOFIA_GATEWAY_DOWN,
 SOFIA_GATEWAY_UP,
diff --git a/src/mod/endpoints/mod_sofia/sofia.c b/src/mod/endpoints/mod_sofia/sofia.c
index 753a8e4a40..7d02d77196 100644
--- a/src/mod/endpoints/mod_sofia/sofia.c
+++ b/src/mod/endpoints/mod_sofia/sofia.c
@@ -4700,11 +4700,26 @@ switch_status_t config_sofia(sofia_config_t reload, char *profile_name)
 } else if (!strcasecmp(var, "tls-verify-in-subjects") && !zstr(val)) {
 profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
 } else if (!strcasecmp(var, "tls-version") && !zstr(val)) {
-
- if (!strcasecmp(val, "tlsv1")) {
- profile->tls_version = 1;
- } else {
- profile->tls_version = 0;
+ char *ps = val, *pe;
+ while (1) {
+ int n;
+ pe = strchr(ps,',');
+ if (!pe && !(pe = memchr(ps,0,1024))) break;
+ n = pe-ps;
+ if (n==5 && !strncasecmp(ps, "sslv2", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_SSLv2;
+ if (n==5 && !strncasecmp(ps, "sslv3", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_SSLv3;
+ if (n==6 && !strncasecmp(ps, "sslv23", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_SSLv2 | SOFIA_TLS_VERSION_SSLv3;
+ if (n==5 && !strncasecmp(ps, "tlsv1", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_TLSv1;
+ if (n==7 && !strncasecmp(ps, "tlsv1.1", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_1;
+ if (n==7 && !strncasecmp(ps, "tlsv1.2", n))
+ profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_2;
+ ps=pe+1;
+ if (!*pe) break;
 }
 } else if (!strcasecmp(var, "tls-timeout")) {
 int v = atoi(val);
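Review bot: Unrecognised tokens in the new `tls-version` loop are dropped without any log, so a typo or a space after a comma (`tlsv1.1, tlsv1.2`) silently leaves a version bit unset and the profile ends up with a different protocol set than the one the operator configured. The bits are also only OR-ed in, so the result depends on whatever `profile->tls_version` held before this branch, which is outside the hunk; `profile->tls_version = 0;` ahead of the `while` would make the option authoritative. Turning the six independent `if`s into an `else if` chain that ends in `else switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "Unknown tls-version '%.*s'\n", n, ps);` would surface the mistake at load time. A similar warning when `sslv2`, `sslv3` or `sslv23` is selected would be worth adding, since those protocols are deprecated (RFC 6176, RFC 7568). config_sofia starts and ends outside the hunk.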