Add missing openssl SECLEVEL=0 support #3890
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Previous SECLEVEL support allowed for levels 1-5. However, openssl defines levels 0-5. [1] Recent openssl versions (3.0+) have moved previous popular ciphers/key lengths (i.e. RSA1024withSHA1) into level 0, so it is now a reasonable choice to use. Add support for level 0. [1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html
nanangizz
approved these changes
Mar 19, 2024
sauwming
approved these changes
Mar 19, 2024
dshamaev-intermedia
added a commit
to intermedia-net/pjproject
that referenced
this pull request
Apr 4, 2024
* Add missing openssl SECLEVEL=0 support (pjsip#3890) Previous SECLEVEL support allowed for levels 1-5. However, openssl defines levels 0-5. [1] Recent openssl versions (3.0+) have moved previous popular ciphers/key lengths (i.e. RSA1024withSHA1) into level 0, so it is now a reasonable choice to use. Add support for level 0. [1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html * Enable Late Offer Answer Mode (LOAM) feature in the pjsua (pjsip#3869) * Fix warnings for 32-bit compiler and misc fixes. (pjsip#3896) * Add some missing unlocks (pjsip#3893) * Prevent race condition in DTLS media stop (pjsip#3901) * Fix data race reported by ThreadSanitizer in caching pool (pjsip#3897) * Fixed Metal renderer memory leak (pjsip#3909) * Fixed DTLS clock stoppage race (pjsip#3905) * Improve IP address change IPv4 <-> IPv6 (pjsip#3910) --------- Co-authored-by: naf <[email protected]> Co-authored-by: Goodicus <[email protected]> Co-authored-by: Amilcar Ubiera <[email protected]> Co-authored-by: Santiago De la Cruz <[email protected]> Co-authored-by: sauwming <[email protected]> Co-authored-by: Nanang Izzuddin <[email protected]> Co-authored-by: dshamaev-intermedia <[email protected]>
dshamaev-intermedia
added a commit
to intermedia-net/pjproject
that referenced
this pull request
Jun 12, 2024
* Add missing openssl SECLEVEL=0 support (pjsip#3890) Previous SECLEVEL support allowed for levels 1-5. However, openssl defines levels 0-5. [1] Recent openssl versions (3.0+) have moved previous popular ciphers/key lengths (i.e. RSA1024withSHA1) into level 0, so it is now a reasonable choice to use. Add support for level 0. [1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html * Enable Late Offer Answer Mode (LOAM) feature in the pjsua (pjsip#3869) * Fix warnings for 32-bit compiler and misc fixes. (pjsip#3896) * Add some missing unlocks (pjsip#3893) * Prevent race condition in DTLS media stop (pjsip#3901) * Fix data race reported by ThreadSanitizer in caching pool (pjsip#3897) * Fixed Metal renderer memory leak (pjsip#3909) * Fixed DTLS clock stoppage race (pjsip#3905) * Improve IP address change IPv4 <-> IPv6 (pjsip#3910) * pjsua_acc: Fix warnings for comparison between ‘pjsua_nat64_opt’ and ‘enum pjsua_ipv6_use’ (pjsip#3915) * Fix to ext_fmts accessed out of stack scope. (pjsip#3916) * Add check in siprtp sample app for inactive audio media (pjsip#3927) * Add function to initialize MediaFormat audio & video (pjsip#3925) * Fixed incorrect SDP buffer length calculation (pjsip#3924) * Support Push Notification in iOS sample app (pjsip#3913) * Fixed PJSUA2 API to get/set Opus config (pjsip#3935) * Fix bad address length check in pj_ioqueue_sendto(). (pjsip#3941) * Fix warning of uninitialized value in fuzz-crypto (pjsip#3946) * Print log on successful send (pjsip#3942) * Fixed CI Mac build failure (pjsip#3947) * Update Android JNI audio dev to use 16bit PCM only (pjsip#3945) * Add TLS/SSL backend: Windows Schannel (pjsip#3867) * pjsip_find_msg: Log warning if Content-Length field not found (pjsip#3960) * Fix audiodev index (pjsip#3962) * Fix assertion on call hangup from DTMF callback (pjsip#3970) * Fix yaml error in github feature template (pjsip#3972) * Fix version string in Python setup (pjsip#3976) * Prevent pjmedia_codec_param.info.enc_ptime_denum division by zero in stream (pjsip#3975) --------- Co-authored-by: naf <[email protected]> Co-authored-by: Goodicus <[email protected]> Co-authored-by: Amilcar Ubiera <[email protected]> Co-authored-by: Santiago De la Cruz <[email protected]> Co-authored-by: sauwming <[email protected]> Co-authored-by: Nanang Izzuddin <[email protected]> Co-authored-by: dshamaev-intermedia <[email protected]> Co-authored-by: CI Bot <[email protected]> Co-authored-by: Pau Espin Pedrol <[email protected]> Co-authored-by: Riza Sulistyo <[email protected]> Co-authored-by: Andreas Peldszus <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Previously added SECLEVEL=n support allowed for only levels 1-5. (see #2596)
However, openssl defines levels 0-5. (see https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html)
Recent openssl versions (3.0+) have moved previous popular ciphers/key lengths (i.e. RSA1024withSHA1) into level 0, so it is now a reasonable choice to use.