Bug 132 - use DTLS_method instead of DTLSv1_method
Summary: use DTLS_method instead of DTLSv1_method
Status: NEW
Alias: None
Product: resiprocate
Classification: Unclassified
Component: stack (libresip)
Version: unspecified
Hardware: All All
Importance: P1 minor
Assignee: Owner of all unassigned bugs
Reported: 2016-08-19 03:56 CDT by Daniel Pocock
Modified: 2016-08-19 03:56 CDT

Description Daniel Pocock 2016-08-19 03:56:07 CDT
DTLSv1_method, DTLSv1_client_method and DTLSv1_server_method are used by default in various places in the stack.  This prevents applications from dynamically choosing the DTLS version that is optimal for security and compatibility with a particular peer at runtime.

These calls should be replaced with DTLS_method, DTLS_client_method and DTLS_server_method.

Testing on Debian jessie, I observed that DTLS_method, DTLS_client_method and DTLS_server_method were not present in my OpenSSL headers, so it may be necessary to either use a newer OpenSSL version or to have some additional macros and build options for building with legacy OpenSSL versions.

The places where this needs to be changed are:

resip/stack/ssl/DtlsTransport.cxx
reflow/dtls_wrapper/DtlsFactory.cxx
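
One way to locate call sites like the ones this report describes, as an added example (not code from reSIProcate or from the reporter): a small scanner that flags calls to the version-pinned DTLS method constructors and names the version-flexible replacement, ignoring comments and string literals. The sample source, the file name `sample.cxx` and the function names are constructed for illustration.

```python
import re

# Version-pinned constructors named in the report, mapped to the
# version-flexible replacements it asks for.
REPLACEMENTS = {
    "DTLSv1_method": "DTLS_method",
    "DTLSv1_client_method": "DTLS_client_method",
    "DTLSv1_server_method": "DTLS_server_method",
}

# A call: the whole identifier followed by an opening parenthesis.
CALL_RE = re.compile(r"\b(" + "|".join(REPLACEMENTS) + r")\s*\(")
# C/C++ comments and string literals, which must not produce findings.
# Character literals are not handled (a limitation of this sketch).
SKIP_RE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.DOTALL)

def _blank(match):
    # Replace skipped text with spaces but keep newlines, so that the
    # line numbers reported below still match the original file.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_pinned_dtls_calls(path, source):
    """Return (path, line, pinned_name, replacement) for each pinned call."""
    code = SKIP_RE.sub(_blank, source)
    findings = []
    for m in CALL_RE.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        findings.append((path, line, m.group(1), REPLACEMENTS[m.group(1)]))
    return findings

# Constructed sample input, not taken from the reSIProcate tree.
SAMPLE = '''\
#include <openssl/ssl.h>
// old: ctx = SSL_CTX_new(DTLSv1_method());
SSL_CTX* makeClient() {
   /* pinned to DTLS 1.0,
      see DTLSv1_method() */
   return SSL_CTX_new(DTLSv1_client_method());
}
SSL_CTX* makeServer() {
   log("DTLSv1_server_method() in use");
   return SSL_CTX_new(DTLS_server_method());
}
SSL_CTX* makeAny() { return SSL_CTX_new(DTLSv1_method ()); }
'''

if __name__ == "__main__":
    for path, line, old, new in find_pinned_dtls_calls("sample.cxx", SAMPLE):
        print(f"{path}:{line}: {old}() pins DTLS 1.0; use {new}()")
```

Run over the two files listed above, this gives the list of call sites to change. On OpenSSL older than 1.0.2 the replacement names do not exist, so each site also needs the build-time fallback the report mentions.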