If an attacker can cause a device to make an authenticated request to
a service via TLS while including a payload of the attacker's choice
in that request, and if TLS compression is enabled, the attacker can
uncover the plaintext authentication information by making a series of
guesses and observing changes in the length of the ciphertext.
This is CVE-2012-4929.
FS-6360 --resolve
Thanks-to: Brian West <brian@freeswitch.org>
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites. In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
commit ee51fa4e2993ab71339e29691aec8b924c810c53
Author: Frode Isaksen <frode.isaksen@bewan.com>
Date: Thu Aug 18 16:40:58 2011 +0300
su: fix su_time() on 64-bit OS X
The field tv_sec in struct timeval is 64bits instead of 32bits as in
su_time_t, so you cannot cast su_time_t to struct timeval.
This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.
This separates out the Linux socket TCP keepalive timeout interval
from Sofia's internal mechanisms. Earlier we tied these together. In
retrospect this seems improper.
These two values can now be set separately.
You might, for example, want to keep the Sofia internal mechanism
disabled completely while enabling the platform-based mechanism if
your platform supports it.
We also here reform the default value of the socket TCP keepalive
parameter to 30 seconds.
This is what commit a0e9639a1f should
have been.
FS-6104
Sofia keeps the TCP keepalive timeout in milliseconds, but Linux
expects the value in seconds. Before this change, it's unlikely the
TCP_KEEPIDLE and TCP_KEEPINTVL calls were having much effect as we
would have been passing them a huge value.
FS-6104
This adds support for the ephemeral elliptic curve Diffie-Hellman key
exchange, which provides for forward secrecy in the event that
long-term keys are compromised.
For the moment, we've hard-coded the curve as prime256v1.
Previously there was no way to override the hard-coded cipher suite
specification of "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".
This commit does leave in place the hardcoded cipher spec for WebRTC
of "HIGH:!DSS:!aNULL@STRENGTH".
Previously if the TPTAG_TLS_VERSION was set to a non-zero value we
supported only TLSv1 (but not TLSv1.1 or TLSv1.2), and if was set to
zero we supported all versions of TLS and SSL (including the
ridiculous SSLv2).
Now we take an integer field where various bits can be set indicating
which versions of TLS we would like to support.
Sofia accepts a value for the TCP keepalive timeout interval via
TPTAG_KEEPALIVE, however it fails to use this value for the Linux
keepalive socket options TCP_KEEPIDLE and TCP_KEEPINTVL. In fact, on
Linux it enables the sending of TCP keepalives even if tpp_keepalive
is set to zero which would disable Sofia's internal keepalive
mechanisms. Sofia then uses a hard coded value of 30 seconds for
these keepalive intervals which affects battery life on mobile
devices.
With this commit we harmonize the sending of TCP keepalives on Linux
with other platforms by using the value from TPTAG_KEEPALIVE and not
enabling the sending of TCP keepalives at all if the value of the
parameter is zero.
FS-6104 --resolve
Brian West