Module: sip-router
Branch: master
Commit: 1e2bb79a135bef9936fb5d5e0fb9a708589452b9
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1e2bb79…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Sun Nov 3 13:14:31 2013 +0100
tls: listed TLSv1.1 and TLSv1.2 as values for tls_method parameter
---
modules/tls/doc/params.xml | 25 ++++++++++++++++++++++---
1 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml
index 46c9618..54c21e7 100644
--- a/modules/tls/doc/params.xml
+++ b/modules/tls/doc/params.xml
@@ -21,7 +21,20 @@
<itemizedlist>
<listitem>
<para>
- <emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted. This is
the default and recommended method (if you want to be rfc3261 conformant don't change
it).
+ <emphasis>TLSv1.1</emphasis> - only TLSv1.2 connections are accepted
+ (available starting with openssl/libssl v1.0.1e)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis>TLSv1.1</emphasis> - only TLSv1.1 connections are accepted
+ (available starting with openssl/libssl v1.0.0)
+ </para>
+ </listitem>
+ <listitem>
+ <para>
+ <emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted.
+ This is the default value.
</para>
</listitem>
<listitem>
@@ -31,12 +44,18 @@
</listitem>
<listitem>
<para>
- <emphasis>SSLv2</emphasis> - only SSLv2 connections, for old clients.
Note: you shouldn't use SSLv2 for anything which should be highly secure.
+ <emphasis>SSLv2</emphasis> - only SSLv2 connections, for old clients.
+ Note: you shouldn't use SSLv2 for anything which should be highly secure.
+ Newer versions of libssl don't include support for it anymore.
</para>
</listitem>
<listitem>
<para>
- <emphasis>SSLv23</emphasis> - any of the above methods will be accepted,
with the following limitation: the initial SSL hello message must be V2 (in the initial
hello all the supported protocols are advertised enabling switching to a higher and more
secure version). This means connections from SSLv3 or TLSv1 clients will not be accepted.
+ <emphasis>SSLv23</emphasis> - any of the SSLv2, SSLv3 and TLSv1 methods
+ will be accepted, with the following limitation: the initial SSL hello
+ message must be V2 (in the initial hello all the supported protocols
+ are advertised enabling switching to a higher and more secure version).
+ This means connections from SSLv3 or TLSv1 clients will be accepted.
</para>
</listitem>
</itemizedlist>