[SR-Users] TLS and SIP

Kristian Kielhofner kris at kriskinc.com
Fri May 23 22:08:39 CEST 2014

On Fri, May 23, 2014 at 3:10 PM, James Cloos <cloos at jhcloos.com> wrote:
>>>>>> "FC" == Frank Carmickle <frank at carmickle.com> writes:
> FC> Freeswitch does support most new features of openssl 1.0.1 branch.  I
> FC> believe it defaults to tls1.1 currently but I believe the goal is to
> FC> only enable tls1.2, with ECDHE+AES128 by default.  You can certainly
> FC> ask it to do what ever openssl supports, except that right now ECDHE
> FC> is hardcoded to p256.
> Excellent.  Happy to know that.

To clarify further, FreeSWITCH allows enforcement of specific TLS
version up to and including TLS 1.2 (depending on underlying OpenSSL
support, of course). This is a per-profile configuration setting:


Kristian Kielhofner

More information about the sr-users mailing list