Thanks for the info. I've checked RFC 3261: It only takes about TLS (RFC 2246) - no single word mentions SSL. RFC 2246 itself refers to SSL for backward compatibility reasons only. When using openssl, it allows sending an SSLv2 ClientHello which indicates SSLv3 and TLSv1 support too. But I'm not sure if this is generally the case or only supported by openssl. Further, SSLv2 should be disabled anyway (insecure). Thus, IMO TLSv1 should be the default value. If have asked to the SIP implementors list for clarification. Anyway I have a feature request: allowing to set the TLS method via command line for the pjsua client. regards klaus PS: at http://www.pjsip.org/pjsip/docs/html/structpjsip__tls__setting.htm#3a453c419c092ecc05f0141da36183fa there is a typo (TLS instead of SSL) # PJSIP_SSLV2_METHOD(2): TLSv2 # PJSIP_SSLV3_METHOD(3): TLSv3 # PJSIP_SSLV23_METHOD(23): TLSv23 Benny Prijono schrieb: > On 2/8/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote: >> Hi! >> >> I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3 >> compatible Hello whereas SIP requires TLS. > > Is it? I thought TLSv2/3 is okay. > > Anyway, PJSIP uses TLSv23 by default. If you'd like to use TLSv1, just > add this when creating the TLS transport: > > tcp_cfg.tls_setting.method = PJSIP_TLSV1_METHOD; > > cheers, > -benny > >> regards >> klaus > > _______________________________________________ > Visit our blog: http://blog.pjsip.org > > pjsip mailing list > pjsip at lists.pjsip.org > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
