pjsua: SSL instead of TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Done (http://trac.pjsip.org/repos/ticket/481). Default TLS version is
now TLSv1, and also fixed the typos (website will be updated on next
update schedule). I guess with this we don't need to have the command
line option to set TLS version in pjsua.

thanks
 -benny

On 2/11/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
> Thanks for the info.
>
>  I've checked RFC 3261: It only takes about TLS (RFC 2246) - no single
>  word mentions SSL.
>
>  RFC 2246 itself refers to SSL for backward compatibility reasons only.
>  When using openssl, it allows sending an SSLv2 ClientHello which
>  indicates SSLv3 and TLSv1 support too. But I'm not sure if this is
>  generally the case or only supported by openssl. Further, SSLv2 should
>  be disabled anyway (insecure).
>
>  Thus, IMO TLSv1 should be the default value. If have asked to the SIP
>  implementors list for clarification.
>
>  Anyway I have a feature request: allowing to set the TLS method via
>  command line for the pjsua client.
>
>  regards
>  klaus
>
>
>  PS: at
>  http://www.pjsip.org/pjsip/docs/html/structpjsip__tls__setting.htm#3a453c419c092ecc05f0141da36183fa
>  there is a typo (TLS instead of SSL)
>
>  # PJSIP_SSLV2_METHOD(2): TLSv2
>  # PJSIP_SSLV3_METHOD(3): TLSv3
>  # PJSIP_SSLV23_METHOD(23): TLSv23
>
>
>  Benny Prijono schrieb:
>
> > On 2/8/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>  >> Hi!
>  >>
>  >> I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3
>  >> compatible Hello whereas SIP requires TLS.
>  >
>  > Is it? I thought TLSv2/3 is okay.
>  >
>  > Anyway, PJSIP uses TLSv23 by default. If you'd like to use TLSv1, just
>  > add this when creating the TLS transport:
>  >
>  >   tcp_cfg.tls_setting.method = PJSIP_TLSV1_METHOD;
>  >
>  > cheers,
>  >  -benny
>  >
>  >> regards
>  >> klaus
>  >
>
> > _______________________________________________
>  > Visit our blog: http://blog.pjsip.org
>  >
>  > pjsip mailing list
>  > pjsip at lists.pjsip.org
>  > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>
>  _______________________________________________
>  Visit our blog: http://blog.pjsip.org
>
>  pjsip mailing list
>  pjsip at lists.pjsip.org
>  http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>



[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux