[SR-Users] TLS and SIP
Kristian Kielhofner
kris at kriskinc.com
Fri May 23 22:08:39 CEST 2014
On Fri, May 23, 2014 at 3:10 PM, James Cloos <cloos at jhcloos.com> wrote:
>>>>>> "FC" == Frank Carmickle <frank at carmickle.com> writes:
>
> FC> Freeswitch does support most new features of openssl 1.0.1 branch. I
> FC> believe it defaults to tls1.1 currently but I believe the goal is to
> FC> only enable tls1.2, with ECDHE+AES128 by default. You can certainly
> FC> ask it to do what ever openssl supports, except that right now ECDHE
> FC> is hardcoded to p256.
>
> Excellent. Happy to know that.
>
To clarify further, FreeSWITCH allows enforcement of specific TLS
version up to and including TLS 1.2 (depending on underlying OpenSSL
support, of course). This is a per-profile configuration setting:
https://fisheye.freeswitch.org/browse/~raw,r=fd38a255f8f1fa3fa18b1b5263990af8ac4bc632/FreeSWITCH/conf/vanilla/sip_profiles/internal.xml
--
Kristian Kielhofner
More information about the sr-users
mailing list