[sr-dev] git:master: tls: listed TLSv1.1 and TLSv1. 2 as values for tls_method parameter

Daniel-Constantin Mierla miconda at gmail.com
Sun Nov 3 13:26:37 CET 2013 

Module: sip-router
Branch: master
Commit: 1e2bb79a135bef9936fb5d5e0fb9a708589452b9
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1e2bb79a135bef9936fb5d5e0fb9a708589452b9

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Sun Nov  3 13:14:31 2013 +0100

tls: listed TLSv1.1 and TLSv1.2 as values for tls_method parameter

---

 modules/tls/doc/params.xml |   25 ++++++++++++++++++++++---
 1 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml
index 46c9618..54c21e7 100644
--- a/modules/tls/doc/params.xml
+++ b/modules/tls/doc/params.xml
@@ -21,7 +21,20 @@
 	<itemizedlist>
 			<listitem>
 				<para>
-				<emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted. This is the default and recommended method (if you want to be rfc3261  conformant don't change it).
+				<emphasis>TLSv1.1</emphasis> - only TLSv1.2 connections are accepted
+				(available starting with openssl/libssl v1.0.1e)
+				</para>
+			</listitem>
+			<listitem>
+				<para>
+				<emphasis>TLSv1.1</emphasis> - only TLSv1.1 connections are accepted
+				(available starting with openssl/libssl v1.0.0)
+				</para>
+			</listitem>
+			<listitem>
+				<para>
+				<emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted.
+				This is the default value.
 				</para>
 			</listitem>
 			<listitem>
@@ -31,12 +44,18 @@
 			</listitem>
 			<listitem>
 				<para>
-				<emphasis>SSLv2</emphasis> - only SSLv2 connections, for old clients. Note: you shouldn't use SSLv2 for anything which should be highly secure.
+				<emphasis>SSLv2</emphasis> - only SSLv2 connections, for old clients.
+				Note: you shouldn't use SSLv2 for anything which should be highly secure.
+				Newer versions of libssl don't include support for it anymore.
 				</para>
 			</listitem>
 			<listitem>
 				<para>
-				<emphasis>SSLv23</emphasis> - any of the above methods will be accepted, with the following limitation: the initial SSL hello message must be V2 (in the initial hello all the supported protocols are advertised enabling switching to a higher and more secure version). This means connections from SSLv3 or TLSv1 clients will not be accepted.
+				<emphasis>SSLv23</emphasis> - any of the SSLv2, SSLv3 and TLSv1 methods
+				will be accepted, with the following limitation: the initial SSL hello
+				message must be V2 (in the initial hello all the supported protocols
+				are advertised enabling switching to a higher and more secure version).
+				This means connections from SSLv3 or TLSv1 clients will be accepted.
 				</para>
 			</listitem>
 	</itemizedlist>

More information about the sr-dev mailing list