[Asterisk-code-review] sip.conf: tlsclientmethod is using sslv23 as default. (asterisk[11])

[Alexander Traud]

Hello George Joseph, Anonymous Coward #1000019,

I'd like you to reexamine a change.  Please visit

    https://gerrit.asterisk.org/3638

to look at the new patch set (#2).

Change subject: sip.conf: tlsclientmethod is using sslv23 as default.
......................................................................

sip.conf: tlsclientmethod is using sslv23 as default.

When 'tlsclientmethod' is not specified in sip.conf, chan_sip uses the OpenSSL
SSLv23_method. This was documented incorrectly in the file sip.conf.sample.

SSLv23_method got its name in the 90s. Today, with OpenSSL 1.0.2, this method
enables (just) the secure TLSv1.0 and TLSv1.2. Or stated differently, that
function should have been called 'secure_method' or 'automatic_method' back in
the 90s.

Consequently please, specify 'tlsclientmethod=tlsv1' in your sip.conf only if
you face a server which has problems like not falling back to TLSv1.0
automatically.

ASTERISK-24425

Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
---
M configs/sip.conf.sample
1 file changed, 10 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/38/3638/2
-- 
To view, visit https://gerrit.asterisk.org/3638
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>