[sr-dev] git:master:1da19617: tls: set default tls method (version) to 1+

Daniel-Constantin Mierla miconda at gmail.com
Fri Dec 20 16:11:03 CET 2019


Module: kamailio
Branch: master
Commit: 1da196174d8cd7e82ce57d4de60197fc063e6b50
URL: https://github.com/kamailio/kamailio/commit/1da196174d8cd7e82ce57d4de60197fc063e6b50

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2019-12-20T16:10:45+01:00

tls: set default tls method (version) to 1+

- it was 1, but newer libssl doesn't have it anymore
- while older systems don't have newer version support

---

Modified: src/modules/tls/tls_mod.c

---

Diff:  https://github.com/kamailio/kamailio/commit/1da196174d8cd7e82ce57d4de60197fc063e6b50.diff
Patch: https://github.com/kamailio/kamailio/commit/1da196174d8cd7e82ce57d4de60197fc063e6b50.patch

---

diff --git a/src/modules/tls/tls_mod.c b/src/modules/tls/tls_mod.c
index b888aaa666..ff672036c1 100644
--- a/src/modules/tls/tls_mod.c
+++ b/src/modules/tls/tls_mod.c
@@ -103,7 +103,7 @@ static tls_domain_t mod_params = {
 	STR_STATIC_INIT(TLS_CA_FILE),      /* CA file */
 	0,                /* Require certificate */
 	{0, },                /* Cipher list */
-	TLS_USE_TLSv1,    /* TLS method */
+	TLS_USE_TLSv1_PLUS,   /* TLS method */
 	STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
 	{0, 0},           /* Server name (SNI) */
 	0,                /* Server name (SNI) mode */
@@ -128,7 +128,7 @@ tls_domain_t srv_defaults = {
 	STR_STATIC_INIT(TLS_CA_FILE),      /* CA file */
 	0,                /* Require certificate */
 	{0, 0},                /* Cipher list */
-	TLS_USE_TLSv1,    /* TLS method */
+	TLS_USE_TLSv1_PLUS,    /* TLS method */
 	STR_STATIC_INIT(TLS_CRL_FILE), /* Certificate revocation list */
 	{0, 0},           /* Server name (SNI) */
 	0,                /* Server name (SNI) mode */
@@ -170,7 +170,7 @@ tls_domain_t cli_defaults = {
 	STR_STATIC_INIT(TLS_CA_FILE),      /* CA file */
 	0,                /* Require certificate */
 	{0, 0},                /* Cipher list */
-	TLS_USE_TLSv1,    /* TLS method */
+	TLS_USE_TLSv1_PLUS,    /* TLS method */
 	{0, 0}, /* Certificate revocation list */
 	{0, 0},           /* Server name (SNI) */
 	0,                /* Server name (SNI) mode */




More information about the sr-dev mailing list