author Alexander Traud <pabstraud@compuserve.com> 2016-08-18 16:21:25 +0200
committer Alexander Traud <pabstraud@compuserve.com> 2016-08-19 02:54:27 -0500
commit d192cd125ce1daaf12f6f6d595b64d46f74eadbb (patch)
tree 815d5c362a9a3bdb2bbcf4a735be935b2d07277c /configs
parent 4437db8d8947a5cf4e491df13c77d6f8b66597fc (diff)
sip.conf: tlsclientmethod is using sslv23 as default.
When 'tlsclientmethod' is not specified in sip.conf, chan_sip uses the OpenSSL SSLv23_method. This was documented incorrectly in the file sip.conf.sample.

SSLv23_method got its name in the 90s. Today, with OpenSSL 1.0.2, this method enables (just) the secure TLSv1.0 and TLSv1.2. Or stated differently, that function should have been called 'secure_method' or 'automatic_method' back in the 90s.

Consequently, please specify 'tlsclientmethod=tlsv1' in your sip.conf only if you face a server which has problems like not falling back to TLSv1.0 automatically.

ASTERISK-24425
Change-Id: I502ce6146b4504cadfd3973af8d6ec3994f54fa3
Diffstat (limited to 'configs')
-rw-r--r-- configs/samples/sip.conf.sample 11
1 files changed, 10 insertions, 1 deletions
diff --git a/configs/samples/sip.conf.sample b/configs/samples/sip.conf.sample
index a7b74df69..da176b4d6 100644
--- a/configs/samples/sip.conf.sample
+++ b/configs/samples/sip.conf.sample
@@ -611,7 +611,16 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls
;
;tlsclientmethod=tlsv1 ; values include tlsv1, sslv3, sslv2.
; Specify protocol for outbound client connections.
- ; If left unspecified, the default is sslv2.
+ ; If left unspecified, the default is the general-
+ ; purpose version-flexible SSL/TLS method (sslv23).
+ ; With that, the actual protocol version used will
+ ; be negotiated to the highest version mutually
+ ; supported by Asterisk and the remote server, i.e.
+ ; TLSv1.2. The supported protocols are listed at
+ ; http://www.openssl.org/docs/ssl/SSL_CTX_new.html
+ ; SSLv2 and SSLv3 are disabled within Asterisk.
+ ; Your distribution might have changed that list
+ ; further.
;
;--------------------------- SIP timers ----------------------------------------------------
; These timers are used primarily in INVITE transactions.
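Review bot: The unchanged context line ";tlsclientmethod=tlsv1 ; values include tlsv1, sslv3, sslv2." now contradicts the added line "SSLv2 and SSLv3 are disabled within Asterisk", so the sample still offers two values that the same comment block says are turned off. Update the value list in this hunk to match, or state next to it what happens when sslv3 or sslv2 is configured. In the added text, "i.e. TLSv1.2" presents the negotiated result as fixed, while the preceding sentence says it is the highest version mutually supported and the closing lines say a distribution may have changed the list; "e.g. TLSv1.2" would agree with both. The documentation link is plain http; since this file is copied into production configurations, an https URL would be the better reference.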