[sr-dev] git:5.3:fc91331a: tls: add TLSv1.2+ to example configuration

Henning Westerholt hw at skalatan.de
Tue Oct 15 15:18:15 CEST 2019


Module: kamailio
Branch: 5.3
Commit: fc91331a92acdef0a17b0341b8d22f93bdbbc1db
URL: https://github.com/kamailio/kamailio/commit/fc91331a92acdef0a17b0341b8d22f93bdbbc1db

Author: Henning Westerholt <hw at skalatan.de>
Committer: Henning Westerholt <hw at skalatan.de>
Date: 2019-10-15T15:17:54+02:00

tls: add TLSv1.2+ to example configuration

(cherry picked from commit aedd2c6470feb6410605110e8e31eca8b43feefb)

---

Modified: src/modules/tls/tls.cfg

---

Diff:  https://github.com/kamailio/kamailio/commit/fc91331a92acdef0a17b0341b8d22f93bdbbc1db.diff
Patch: https://github.com/kamailio/kamailio/commit/fc91331a92acdef0a17b0341b8d22f93bdbbc1db.patch

---

diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index d8b20049ae..1bfdfc6919 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -8,12 +8,12 @@
 # connections that do not match any other server
 # domain in this configuration file.
 #
-# We do not enable anything else than TLSv1.2
+# We do not enable anything else than TLSv1.2+
 # over the public internet. Clients do not have
 # to present client certificates by default.
 #
 [server:default]
-method = TLSv1.2
+method = TLSv1.2+
 verify_certificate = no
 require_certificate = no
 private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
@@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
 # We require that servers present valid certificate.
 #
 [client:default]
-#method = TLSv1.2
+#method = TLSv1.2+
 verify_certificate = yes
 require_certificate = yes
 
 # ---
 # This is an example server domain for TLS connections
 # received from the loopback interface. We allow
-# the use of TLSv1.2 protocols here, we do
+# the use of TLSv1.2+ protocols here, we do
 # not require that clients present client certificates
 # but if they present it it must be valid. We also use
 # a special certificate and CA list for loopback
 # interface.
 #
 #[server:5.6.7.8:5061]
-#method = TLSv1.2
+#method = TLSv1.2+
 #verify_certificate = yes
 #require_certificate = no
 #private_key = /usr/local/etc/kamailio/tls/local_key.pem
@@ -76,7 +76,7 @@ require_certificate = yes
 # - it requires to have 'server_name' to match on SNI (domain and subdomains)
 #
 #[server:any]
-#method = TLSv1.2
+#method = TLSv1.2+
 #verify_certificate = yes
 #require_certificate = no
 #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
@@ -93,7 +93,7 @@ require_certificate = yes
 # - it requires to have 'server_name' to match on SNI (only subdomains)
 #
 #[server:any]
-#method = TLSv1.2
+#method = TLSv1.2+
 #verify_certificate = yes
 #require_certificate = no
 #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem




More information about the sr-dev mailing list