Module: kamailio
Branch: 5.3
Commit: 98e22d5e11be5ef9e669635ea472ffe4f1d81e42
URL: https://github.com/kamailio/kamailio/commit/98e22d5e11be5ef9e669635ea472ffe…
Author: Kamailio Dev <kamailio.dev(a)kamailio.org>
Committer: Kamailio Dev <kamailio.dev(a)kamailio.org>
Date: 2019-10-15T15:16:40+02:00
modules: readme files regenerated - modules ... [skip ci]
---
Modified: src/modules/tls/README
---
Diff: https://github.com/kamailio/kamailio/commit/98e22d5e11be5ef9e669635ea472ffe…
Patch: https://github.com/kamailio/kamailio/commit/98e22d5e11be5ef9e669635ea472ffe…
---
diff --git a/src/modules/tls/README b/src/modules/tls/README
index 3f40adf0f0..a625036a92 100644
--- a/src/modules/tls/README
+++ b/src/modules/tls/README
@@ -617,6 +617,8 @@ Place holder
10.1. tls_method (string)
Sets the TLS protocol method. Possible values are:
+ * TLSv1.2+ - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted
+ (available starting with openssl/libssl v1.1.1)
* TLSv1.2 - only TLSv1.2 connections are accepted (available starting
with openssl/libssl v1.0.1e)
* TLSv1.1+ - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted
@@ -1436,6 +1438,7 @@ end
* krand - use internal kam_rand() function
* fastrand - use internal fastrand (ISAAC) function
* cryptorand - use internal cryptorand (Fortuna) function
+ * kxlibssl - default libssl rand engine wrapped by a Kamailio mutex
Note: the krand and fastrand engines are not recommended for use on
systems requiring strong security, as they may not generate numbers
Module: kamailio
Branch: master
Commit: aedd2c6470feb6410605110e8e31eca8b43feefb
URL: https://github.com/kamailio/kamailio/commit/aedd2c6470feb6410605110e8e31eca…
Author: Henning Westerholt <hw(a)skalatan.de>
Committer: Henning Westerholt <hw(a)skalatan.de>
Date: 2019-10-15T15:13:32+02:00
tls: add TLSv1.2+ to example configuration
---
Modified: src/modules/tls/tls.cfg
---
Diff: https://github.com/kamailio/kamailio/commit/aedd2c6470feb6410605110e8e31eca…
Patch: https://github.com/kamailio/kamailio/commit/aedd2c6470feb6410605110e8e31eca…
---
diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index d8b20049ae..1bfdfc6919 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -8,12 +8,12 @@
# connections that do not match any other server
# domain in this configuration file.
#
-# We do not enable anything else than TLSv1.2
+# We do not enable anything else than TLSv1.2+
# over the public internet. Clients do not have
# to present client certificates by default.
#
[server:default]
-method = TLSv1.2
+method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
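Review bot: The comment above `[server:default]` should state the library requirement of the new value, because the module README documents `TLSv1.2+` as available starting with openssl/libssl v1.1.1, while plain `TLSv1.2` is available from v1.0.1e. How the shipped example behaves on a host with an older libssl is not visible in this hunk, so the operator needs the hint in the file itself. I would reword the comment to `# We accept only TLSv1.2 or newer over the public internet.` and add `# (TLSv1.2+ needs libssl >= 1.1.1; use TLSv1.2 on older builds)`. The same applies to the commented `#method = TLSv1.2+` lines in the three following hunks.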
@@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
# We require that servers present valid certificate.
#
[client:default]
-#method = TLSv1.2
+#method = TLSv1.2+
verify_certificate = yes
require_certificate = yes
# ---
# This is an example server domain for TLS connections
# received from the loopback interface. We allow
-# the use of TLSv1.2 protocols here, we do
+# the use of TLSv1.2+ protocols here, we do
# not require that clients present client certificates
# but if they present it it must be valid. We also use
# a special certificate and CA list for loopback
# interface.
#
#[server:5.6.7.8:5061]
-#method = TLSv1.2
+#method = TLSv1.2+
#verify_certificate = yes
#require_certificate = no
#private_key = /usr/local/etc/kamailio/tls/local_key.pem
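Review bot: `[client:default]` still leaves `method` commented out, so changing the commented value to `TLSv1.2+` sets no protocol floor for outgoing connections. They presumably fall back to the module-wide `tls_method` default, which is not shown here. If the example is meant never to negotiate below TLSv1.2 in either direction, the line should be active: `method = TLSv1.2+`. Separately, the comment on the second example says the domain is for the loopback interface while the section is `#[server:5.6.7.8:5061]`; one of the two should be corrected. That example section continues past the end of the hunk.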
@@ -76,7 +76,7 @@ require_certificate = yes
# - it requires to have 'server_name' to match on SNI (domain and subdomains)
#
#[server:any]
-#method = TLSv1.2
+#method = TLSv1.2+
#verify_certificate = yes
#require_certificate = no
#private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
@@ -93,7 +93,7 @@ require_certificate = yes
# - it requires to have 'server_name' to match on SNI (only subdomains)
#
#[server:any]
-#method = TLSv1.2
+#method = TLSv1.2+
#verify_certificate = yes
#require_certificate = no
#private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem
Module: kamailio
Branch: 5.3
Commit: c32bccf1cebf70e512f16c15124db1c717e01769
URL: https://github.com/kamailio/kamailio/commit/c32bccf1cebf70e512f16c15124db1c…
Author: Henning Westerholt <hw(a)skalatan.de>
Committer: Henning Westerholt <hw(a)skalatan.de>
Date: 2019-10-15T14:18:14+02:00
tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore
(cherry picked from commit 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9)
---
Modified: src/modules/tls/tls.cfg
---
Diff: https://github.com/kamailio/kamailio/commit/c32bccf1cebf70e512f16c15124db1c…
Patch: https://github.com/kamailio/kamailio/commit/c32bccf1cebf70e512f16c15124db1c…
---
diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index b84ba8fcfc..d8b20049ae 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -8,12 +8,12 @@
# connections that do not match any other server
# domain in this configuration file.
#
-# We do not enable anything else than TLSv1
+# We do not enable anything else than TLSv1.2
# over the public internet. Clients do not have
# to present client certificates by default.
#
[server:default]
-method = TLSv1
+method = TLSv1.2
verify_certificate = no
require_certificate = no
private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
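Review bot: `method = TLSv1.2` pins the default server domain to a single protocol version rather than a minimum. The module README describes `TLSv1.2` as "only TLSv1.2 connections are accepted", so a peer offering only a newer version would be refused. If a minimum is what is intended, `method = TLSv1.2+` expresses it, with the README caveat that it needs openssl/libssl v1.1.1. Otherwise the comment should state the choice explicitly, e.g. `# Only TLSv1.2 is accepted (no older and no newer versions)`. The commented `#method = TLSv1.2` lines in the later hunks carry the same meaning.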
@@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
# We require that servers present valid certificate.
#
[client:default]
-#method = TLSv1
+#method = TLSv1.2
verify_certificate = yes
require_certificate = yes
# ---
# This is an example server domain for TLS connections
# received from the loopback interface. We allow
-# the use of TLSv1 protocols here, we do
+# the use of TLSv1.2 protocols here, we do
# not require that clients present client certificates
# but if they present it it must be valid. We also use
# a special certificate and CA list for loopback
# interface.
#
#[server:5.6.7.8:5061]
-#method = TLSv1
+#method = TLSv1.2
#verify_certificate = yes
#require_certificate = no
#private_key = /usr/local/etc/kamailio/tls/local_key.pem
@@ -76,7 +76,7 @@ require_certificate = yes
# - it requires to have 'server_name' to match on SNI (domain and subdomains)
#
#[server:any]
-#method = TLSv1
+#method = TLSv1.2
#verify_certificate = yes
#require_certificate = no
#private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
@@ -93,7 +93,7 @@ require_certificate = yes
# - it requires to have 'server_name' to match on SNI (only subdomains)
#
#[server:any]
-#method = TLSv1
+#method = TLSv1.2
#verify_certificate = yes
#require_certificate = no
#private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem