diff options
Diffstat (limited to 'configs')
-rw-r--r-- | configs/samples/http.conf.sample | 20 | ||||
-rw-r--r-- | configs/samples/rtp.conf.sample | 27 |
2 files changed, 47 insertions, 0 deletions
diff --git a/configs/samples/http.conf.sample b/configs/samples/http.conf.sample index 1d23a67f6..342dff483 100644 --- a/configs/samples/http.conf.sample +++ b/configs/samples/http.conf.sample @@ -90,6 +90,26 @@ bindaddr=127.0.0.1 ; private in same .pem file. ; openssl req -new -x509 -days 365 -nodes -out /tmp/foo.pem -keyout /tmp/foo.pem ; +; tlscipher= ; The list of allowed ciphers +; ; if none are specified the following cipher +; ; list will be used instead: +; ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384: +; ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256: +; kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA: +; ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384: +; ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA: +; DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA: +; AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA: +; AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH: +; !EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA +; +; tlsdisablev1=yes ; Disable TLSv1 support - if not set this defaults to "yes" +; tlsdisablev11=yes ; Disable TLSv1.1 support - if not set this defaults to "no" +; tlsdisablev12=yes ; Disable TLSv1.2 support - if not set this defaults to "no" +; +; tlsservercipherorder=yes ; Use the server preference order instead of the client order +; ; Defaults to "yes" +; ; The post_mappings section maps URLs to real paths on the filesystem. If a ; POST is done from within an authenticated manager session to one of the ; configured POST mappings, then any files in the POST will be placed in the diff --git a/configs/samples/rtp.conf.sample b/configs/samples/rtp.conf.sample index c22acaa9f..2ef5dd28a 100644 --- a/configs/samples/rtp.conf.sample +++ b/configs/samples/rtp.conf.sample @@ -58,3 +58,30 @@ rtpend=20000 ; ; Password used to authenticate with TURN relay server. ; turnpassword= +; +[ice_host_candidates] +; +; When Asterisk is behind a static one-to-one NAT and ICE is in use, ICE will +; expose the server's internal IP address as one of the host candidates. +; Although using STUN (see the 'stunaddr' configuration option) will provide a +; publicly accessible IP, the internal IP will still be sent to the remote +; peer. To help hide the topology of your internal network, you can override +; the host candidates that Asterisk will send to the remote peer. +; +; IMPORTANT: Only use this functionality when your Asterisk server is behind a +; one-to-one NAT and you know what you're doing. If you do define anything +; here, you almost certainly will NOT want to specify 'stunaddr' or 'turnaddr' +; above. +; +; The format for these overrides is: +; +; <local address> => <advertised address> +; +; The following will replace 192.168.1.10 with 1.2.3.4 during ICE +; negotiation: +; +;192.168.1.10 => 1.2.3.4 +; +; You can define an override for more than 1 interface if you have a multihomed +; server. Any local interface that is not matched will be passed through +; unaltered. Both IPv4 and IPv6 addresses are supported. |