Cipher Settings for SSL/TLS

Hi Curt,

Right, we rewrote the SIP TLS transport in ticket #957; since then
sip_transport_tls_ossl.c has been obsolete, but unfortunately the cipher
list setting feature was missed. However, an effort to bring it
back has been made; see ticket #1014, with two patches attached:
- 1014-key_uses_cipher_code.diff: setting cipher preference using
standard cipher codes.
- 1014-key_uses_cipher_index.diff: setting cipher preference using
standard cipher index of the PJSIP cipher enumeration.
Note that the patch may not integrate cleanly into the latest source because
of its age, and the cipher list setting feature may not be available
on Symbian with the CSecureSocket backend.

FYI, I just put ticket #1014 back on the 1.x track. Any suggestions are
welcome, and sorry for the trouble.

BR,
nanang


On Thu, Dec 29, 2011 at 4:33 PM, Curt Sampson <cjs at cynic.net> wrote:
> I'm using PJSIP 2.0-alpha2.
>
> Does the functionality to set the cipher list (by setting the ciphers
> field in the pjsip_tls_setting struct) work in this (or any recent)
> version of PJSIP? In testing it doesn't appear to work for me.
>
> pjsip/src/pjsip/sip_transport_tls_ossl.c does appear to have code to
> implement this. However, it seems that this file isn't built. It's not
> mentioned in any Makefile, nor do I get an object file for it when I
> build the library. Further, it duplicates the function names (and,
> apparently, the interface) from sip_transport_tls.c in the same directory,
> which is built. (That file appears to use pjlib/src/pj/ssl_sock_ossl.c
> to do the TLS work; it calls OpenSSL functions but does not appear to
> support setting the cipher list.)
>
> Is the file obsolete? I had thought it was until I looked back
> through the commit log, which indicates several changes to it
> (including bugfixes, e.g., ticket #1221) since revision 2970 when
> the Makefile was changed to compile sip_transport_tls.c instead of
> sip_transport_tls_ossl.c. Are these just changes that someone made
> without testing them, or even looking to see if the code was used?
>
> If sip_transport_tls_ossl.c is obsolete, it would be nice to remove it
> so that it doesn't send people like me on wild goose chases.
>
> Anyway, if the cipher list functionality does not currently work, it
> would be good to document that in the API docs. I will also file a
> ticket about this unless there's some reason for me not to do so.
>
> Assuming this whole analysis is correct, is anybody planning to
> re-implement the functionality that would let library users set the list
> of ciphers to be used with TLS?
>
> If not, since a project I am working on needs this functionality, I
> might be willing to do this. Would someone familiar with the library be
> willing to coach me a bit and/or review my changes in order to make a
> patch that would be acceptable for inclusion in the PJSIP library?
>
> Alternatively, if someone out there would be willing to do this work
> for some sort of fee, contact me privately and I'll see if I can get my
> client to work something out with you.
>
> cjs
> --
> Curt Sampson    <cjs at cynic.net>    +81 90 7737 2974
>     http://www.starling-software.com/
> I have always wished for my computer to be as easy to use as my telephone;
> my wish has come true because I can no longer figure out how to use my
> telephone.  --Bjarne Stroustrup


