Drop null-auth suites from our default TLS cipher list

Previously we disallowed anonymous Diffie-Hellman, but there are other kinds of null-authentication TLS suites. In particular, disallowing AECDH is important now that we support elliptic-curve Diffie-Hellman.

Drop null-auth suites from our default TLS cipher list
Previously we disallowed anonymous Diffie-Hellman, but there are other kinds of null-authentication TLS suites. In particular, disallowing AECDH is important now that we support elliptic-curve Diffie-Hellman.
64e1a653 · Travis Cross · 0ca28789 · 64e1a653 · 64e1a653
--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.c
@@ -202,7 +202,7 @@ void tls_set_default(tls_issues_t *i)
  i->key = i->key ? i->key : i->cert;
  i->randFile = i->randFile ? i->randFile : "tls_seed.dat";
  i->CAfile = i->CAfile ? i->CAfile : "cafile.pem";
-  i->ciphers = i->ciphers ? i->ciphers : "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
+  i->ciphers = i->ciphers ? i->ciphers : "!eNULL:!aNULL:!EXP:!LOW:!MD5:ALL:@STRENGTH";
  /* Default SIP cipher */
  /* "RSA-WITH-AES-128-CBC-SHA"; */
  /* RFC-2543-compatibility ciphersuite */

--- a/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
+++ b/libs/sofia-sip/libsofia-sip-ua/tport/tport_tls.h
@@ -61,7 +61,7 @@ typedef struct tls_issues_s {
  char *CAfile;		/* PEM file of CA's                           */
  char *CApath;		/* PEM file path of CA's		      */
  char *ciphers;         /* Should be one of the above defined ciphers *
-			 * or NULL (default: "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+			 * or NULL (default: !eNULL:!aNULL:!EXP:!LOW:!MD5:ALL:@STRENGTH)
                         */
  int   version;	/* For tls1, version is 1. When ssl3/ssl2 is
 			 * used, it is 0. */