git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Alexander Traud <pabstraud@compuserve.com>
	Wed, 22 Jun 2016 12:13:39 +0000 (14:13 +0200)
committer	Alexander Traud <pabstraud@compuserve.com>
	Wed, 13 Jul 2016 16:48:21 +0000 (11:48 -0500)
commit	332beb27d86c8e1a6220c2ccfc9e54b57d299e02
tree	2c226080a97a88328cceda38194e3598ae6d4005	tree
parent	8cea01ab1b3e07282487d7efe1888f290cc4280a	commit \| diff

res_rtp_asterisk: Enable Forward Secrecy (PFS) for DTLS.

Since July 2014, TLS based protocols (SIP over TLS, Secure WebSockets, HTTPS)
support PFS thanks to ASTERISK-23905. In July 2015, the same feature was added
for DTLS. The source code from main/tcptls.c should have been re-used to ease
security audits. Therefore, this change rolls back the change from July 2015 and
re-uses the code from July 2014. This has the additional benefits to work under
CentOS 7 and enabling not just ECDHE but DHE based cipher suites as well.

ASTERISK-25659 #close
Reported by: StefanEng86, urbaniak, pay123
Tested by: sarumjanuch, traud
patches:
res_rtp_asterisk.patch submitted by sarumjanuch
dtls_centos_step_1.patch submitted by traud
dtls_centos_step_2.patch submitted by traud

Change-Id: I537cadf4421f092a613146b230f2c0ee1be28d5c

CHANGES		diff \| blob \| blame \| history
configure		diff \| blob \| blame \| history
configure.ac		diff \| blob \| blame \| history
include/asterisk/autoconfig.h.in		diff \| blob \| blame \| history
res/res_rtp_asterisk.c		diff \| blob \| blame \| history