Module: sip-router
Branch: master
Commit: f4bf810a5af5b2d133df30e625691cc7b6ad2cf5
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f4bf810a...

Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: Sun Nov 3 13:15:31 2013 +0100

tls: refreshed the README
---
modules/tls/README | 21 +++++++++++++-------- 1 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/modules/tls/README b/modules/tls/README index f723d65..9584354 100644 --- a/modules/tls/README +++ b/modules/tls/README @@ -4,7 +4,7 @@ Andrei Pelinescu-Onciul
iptelorg GmbH
- Copyright (c) 2007 iptelorg GmbH + Copyright � 2007 iptelorg GmbH __________________________________________________________________
Table of Contents @@ -486,17 +486,22 @@ Revoking a certificate and using a CRL 9.1. tls_method (string)
Sets the SSL/TLS protocol method. Possible values are: + * TLSv1.1 - only TLSv1.2 connections are accepted (available starting + with openssl/libssl v1.0.1e) + * TLSv1.1 - only TLSv1.1 connections are accepted (available starting + with openssl/libssl v1.0.0) * TLSv1 - only TLSv1 connections are accepted. This is the default - and recommended method (if you want to be rfc3261 conformant don't - change it). + value. * SSLv3 - only SSLv3 connections are accepted * SSLv2 - only SSLv2 connections, for old clients. Note: you shouldn't use SSLv2 for anything which should be highly secure. - * SSLv23 - any of the above methods will be accepted, with the - following limitation: the initial SSL hello message must be V2 (in - the initial hello all the supported protocols are advertised - enabling switching to a higher and more secure version). This means - connections from SSLv3 or TLSv1 clients will not be accepted. + Newer versions of libssl don't include support for it anymore. + * SSLv23 - any of the SSLv2, SSLv3 and TLSv1 methods will be + accepted, with the following limitation: the initial SSL hello + message must be V2 (in the initial hello all the supported + protocols are advertised enabling switching to a higher and more + secure version). This means connections from SSLv3 or TLSv1 clients + will be accepted.
If rfc3261 conformance is desired, TLSv1 must be used. For compatibility with older clients SSLv23 is a good option.
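
Review bot: In the first hunk (@@ -4,7 +4,7 @@), the added Copyright line swaps the ASCII "(c)" for a non-ASCII character that arrives here as a replacement character, so the generated README and this mail do not agree on an encoding. Either keep "(c)" in the generated text or make sure the README is produced and delivered as UTF-8.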
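
Review bot: In the tls_method hunk (@@ -486,17 +486,22 @@), the first added bullet is labelled TLSv1.1 but its text says "only TLSv1.2 connections are accepted", so the list ends up with two TLSv1.1 entries and no TLSv1.2 entry; the first label should read TLSv1.2. In the same hunk, the reworded SSLv23 bullet still announces "the following limitation" and the V2 hello requirement, but now ends with "will be accepted", so the sentence no longer states any limitation; drop the limitation wording or say what is still excluded. That bullet also names only SSLv2, SSLv3 and TLSv1, which leaves it unclear whether the newly documented TLSv1.1 and TLSv1.2 methods are negotiated under SSLv23; a sentence on that would help readers choosing a value.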