Add missing openssl SECLEVEL=0 support (#3890)
Previous SECLEVEL support allowed for levels 1-5. However, openssl defines levels 0-5. [1] Recent openssl versions (3.0+) have moved previous popular ciphers/key lengths (i.e. RSA1024withSHA1) into level 0, so it is now a reasonable choice to use. Add support for level 0. [1] https://www.openssl.org/docs/man3.2/man3/SSL_CTX_set_security_level.html
This commit is contained in:
parent
a974061441
commit
cfde494dc3
|
@ -483,11 +483,12 @@ static pj_str_t ssl_strerror(pj_status_t status,
|
||||||
*/
|
*/
|
||||||
static const struct ssl_ciphers_t ADDITIONAL_CIPHERS[] = {
|
static const struct ssl_ciphers_t ADDITIONAL_CIPHERS[] = {
|
||||||
{0xFF000000, "DEFAULT"},
|
{0xFF000000, "DEFAULT"},
|
||||||
{0xFF000001, "@SECLEVEL=1"},
|
{0xFF000001, "@SECLEVEL=0"},
|
||||||
{0xFF000002, "@SECLEVEL=2"},
|
{0xFF000002, "@SECLEVEL=1"},
|
||||||
{0xFF000003, "@SECLEVEL=3"},
|
{0xFF000003, "@SECLEVEL=2"},
|
||||||
{0xFF000004, "@SECLEVEL=4"},
|
{0xFF000004, "@SECLEVEL=3"},
|
||||||
{0xFF000005, "@SECLEVEL=5"}
|
{0xFF000005, "@SECLEVEL=4"},
|
||||||
|
{0xFF000006, "@SECLEVEL=5"}
|
||||||
};
|
};
|
||||||
static const unsigned int ADDITIONAL_CIPHER_COUNT =
|
static const unsigned int ADDITIONAL_CIPHER_COUNT =
|
||||||
sizeof (ADDITIONAL_CIPHERS) / sizeof (ADDITIONAL_CIPHERS[0]);
|
sizeof (ADDITIONAL_CIPHERS) / sizeof (ADDITIONAL_CIPHERS[0]);
|
||||||
|
|
Loading…
Reference in New Issue