[SR-Users] TLS and SIP
kris at kriskinc.com
Fri May 23 22:08:39 CEST 2014
On Fri, May 23, 2014 at 3:10 PM, James Cloos <cloos at jhcloos.com> wrote:
>>>>>> "FC" == Frank Carmickle <frank at carmickle.com> writes:
> FC> Freeswitch does support most new features of openssl 1.0.1 branch. I
> FC> believe it defaults to tls1.1 currently but I believe the goal is to
> FC> only enable tls1.2, with ECDHE+AES128 by default. You can certainly
> FC> ask it to do what ever openssl supports, except that right now ECDHE
> FC> is hardcoded to p256.
> Excellent. Happy to know that.
To clarify further, FreeSWITCH allows enforcement of specific TLS
version up to and including TLS 1.2 (depending on underlying OpenSSL
support, of course). This is a per-profile configuration setting:
More information about the sr-users