[asterisk-commits] sip.conf: tlsclientmethod is using sslv23 as default. (asterisk[11])
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri Aug 19 14:20:37 CDT 2016
Anonymous Coward #1000019 has submitted this change and it was merged.
Change subject: sip.conf: tlsclientmethod is using sslv23 as default.
......................................................................
sip.conf: tlsclientmethod is using sslv23 as default.
When 'tlsclientmethod' is not specified in sip.conf, chan_sip uses the OpenSSL
SSLv23_method. This was documented incorrectly in the file sip.conf.sample.
SSLv23_method got its name in the 90s. Today, with OpenSSL 1.0.2, this method
enables (just) the secure TLSv1.0 and TLSv1.2. Or stated differently, that
function should have been called 'secure_method' or 'automatic_method' back in
the 90s.
Consequently, please specify 'tlsclientmethod=tlsv1' in your sip.conf only if
you face a server which has problems like not falling back to TLSv1.0
automatically.
ASTERISK-24425
Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
---
M configs/sip.conf.sample
1 file changed, 10 insertions(+), 1 deletion(-)
Approvals:
George Joseph: Looks good to me, but someone else must approve
Joshua Colp: Looks good to me, approved; Verified
diff --git a/configs/sip.conf.sample b/configs/sip.conf.sample
index 1ac849c..c6e6e22 100644
--- a/configs/sip.conf.sample
+++ b/configs/sip.conf.sample
@@ -575,7 +575,16 @@
;
;tlsclientmethod=tlsv1 ; values include tlsv1, sslv3, sslv2.
; Specify protocol for outbound client connections.
- ; If left unspecified, the default is sslv2.
+ ; If left unspecified, the default is the general-
+ ; purpose version-flexible SSL/TLS method (sslv23).
+ ; With that, the actual protocol version used will
+ ; be negotiated to the highest version mutually
+ ; supported by Asterisk and the remote server, i.e.
+ ; TLSv1.2. The supported protocols are listed at
+ ; http://www.openssl.org/docs/ssl/SSL_CTX_new.html
+ ; SSLv2 and SSLv3 are disabled within Asterisk.
+ ; Your distribution might have changed that list
+ ; further.
;
;--------------------------- SIP timers ----------------------------------------------------
; These timers are used primarily in INVITE transactions.
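Review bot: The unchanged first line of this option still reads "values include tlsv1, sslv3, sslv2." while the added text states "SSLv2 and SSLv3 are disabled within Asterisk", so the sample now advertises two values that the same comment says cannot be negotiated. Suggest updating the values list on that line in the same change, or at least marking sslv3 and sslv2 as disabled there, so an administrator reading only the first line does not pick one of them. Separately, "i.e. TLSv1.2" presents TLSv1.2 as the fixed outcome, yet the paragraph goes on to say the negotiated version depends on what both sides support and that the distribution may have changed the list; "e.g. TLSv1.2" would match that. It would also help to say here, as the commit message does, that tlsclientmethod=tlsv1 should be set only for servers that fail to negotiate downward on their own, since pinning it gives up the higher versions the default would pick.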
--
To view, visit https://gerrit.asterisk.org/3638
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>