[FFmpeg-devel] [PATCH 07/14] avformat/tls_openssl: don't hardcode ciphers and curves for dtls

[Timo Rothenpieler]

---
 libavformat/tls_openssl.c | 22 ----------------------
 1 file changed, 22 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index 8326762592..bb9a5b8054 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -776,15 +776,12 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     TLSShared *c = &p->tls_shared;
     int ret = 0;
     c->is_dtls = 1;
-    const char* ciphers = "ALL";
 
     /**
      * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
      * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
      */
     const char* profiles = "SRTP_AES128_CM_SHA1_80";
-    /* Refer to the test cases regarding these curves in the WebRTC code. */
-    const char* curves = "X25519:P-256:P-384:P-521";
 
     p->ctx = SSL_CTX_new(c->listen ? DTLS_server_method() : DTLS_client_method());
     if (!p->ctx) {
@@ -792,25 +789,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
         goto fail;
     }
 
-    /* For ECDSA, we could set the curves list. */
-    if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n",
-            curves, openssl_get_error(p));
-        ret = AVERROR(EINVAL);
-        return ret;
-    }
-
-    /**
-     * We activate "ALL" cipher suites to align with the peer's capabilities,
-     * ensuring maximum compatibility.
-     */
-    if (SSL_CTX_set_cipher_list(p->ctx, ciphers) != 1) {
-        av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set_cipher_list failed, ciphers=%s, %s\n",
-            ciphers, openssl_get_error(p));
-        ret = AVERROR(EINVAL);
-        return ret;
-    }
-
     ret = openssl_init_ca_key_cert(h);
     if (ret < 0) goto fail;
 
-- 
2.49.0