From 04d3785a798e984a5f5d43ec5f124a9b30a58b9e Mon Sep 17 00:00:00 2001 From: Sean Bright Date: Fri, 29 Sep 2017 14:50:17 +0000 Subject: dtls: Add support for ephemeral DTLS certificates. This mimics the behavior of Chrome and Firefox and creates an ephemeral X.509 certificate for each DTLS session. Currently, the only supported key type is ECDSA because of its faster generation time, but other key types can be added in the future as necessary. ASTERISK-27395 Change-Id: I5122e5f4b83c6320cc17407a187fcf491daf30b4 --- configs/samples/sip.conf.sample | 2 ++ 1 file changed, 2 insertions(+) (limited to 'configs/samples/sip.conf.sample') diff --git a/configs/samples/sip.conf.sample b/configs/samples/sip.conf.sample index 9b52ec06c..ace509759 100644 --- a/configs/samples/sip.conf.sample +++ b/configs/samples/sip.conf.sample @@ -1340,6 +1340,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; encryption ; description ; Used to provide a description of the peer in console output ; dtlsenable +; dtlsautogeneratecert ; dtlsverify ; dtlsrekey ; dtlscertfile @@ -1369,6 +1370,7 @@ srvlookup=yes ; Enable DNS SRV lookups on outbound calls ; ; A value of 'certificate' will perform ONLY certficiate verification ; dtlsrekey = 60 ; Interval at which to renegotiate the TLS session and rekey the SRTP session ; ; If this is not set or the value provided is 0 rekeying will be disabled +; dtlsautogeneratecert = yes ; Enable ephemeral DTLS certificate generation. The default is 'no.' ; dtlscertfile = file ; Path to certificate file to present ; dtlsprivatekey = file ; Path to private key for certificate file ; dtlscipher = ; Cipher to use for TLS negotiation -- cgit v1.2.3
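Review bot: The `dtlsautogeneratecert` comment added in the second hunk does not say how the option interacts with `dtlscertfile` and `dtlsprivatekey` directly below it, or with `dtlsverify` above it. Per the commit message a new certificate is created for each DTLS session, and it is presumably self-signed as in the browsers it mimics, so a remote party cannot validate it against a CA. Authentication then depends on the fingerprint exchanged in signalling, which is only as trustworthy as the signalling transport. I would add a continuation line such as `; The certificate is generated per session and can only be checked by fingerprint; protect SIP signalling with TLS.` and state whether the certificate and key file settings are ignored or rejected when this is enabled, which this patch does not show. Minor: `'no.'` reads as if the period were part of the value; `'no'.` is clearer.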