23 May
2014
23 May
'14
11:08 p.m.
On Fri, May 23, 2014 at 3:10 PM, James Cloos <cloos(a)jhcloos.com> wrote:
To clarify further, FreeSWITCH allows enforcement of specific TLS
version up to and including TLS 1.2 (depending on underlying OpenSSL
support, of course). This is a per-profile configuration setting:
https://fisheye.freeswitch.org/browse/~raw,r=fd38a255f8f1fa3fa18b1b5263990a…
--
Kristian Kielhofner
>>>> "FC" == Frank Carmickle <frank(a)carmickle.com> writes:
FC> Freeswitch does support most new features of openssl 1.0.1 branch. I
FC> believe it defaults to tls1.1 currently but I believe the goal is to
FC> only enable tls1.2, with ECDHE+AES128 by default. You can certainly
FC> ask it to do what ever openssl supports, except that right now ECDHE
FC> is hardcoded to p256.
Excellent. Happy to know that.