pjsua: SSL instead of TLS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Benny Prijono schrieb:
> Done (http://trac.pjsip.org/repos/ticket/481). Default TLS version is
> now TLSv1, and also fixed the typos (website will be updated on next
> update schedule). I guess with this we don't need to have the command
> line option to set TLS version in pjsua.

ok. thanks


klaus

> 
> thanks
>  -benny
> 
> On 2/11/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>> Thanks for the info.
>>
>>  I've checked RFC 3261: It only takes about TLS (RFC 2246) - no single
>>  word mentions SSL.
>>
>>  RFC 2246 itself refers to SSL for backward compatibility reasons only.
>>  When using openssl, it allows sending an SSLv2 ClientHello which
>>  indicates SSLv3 and TLSv1 support too. But I'm not sure if this is
>>  generally the case or only supported by openssl. Further, SSLv2 should
>>  be disabled anyway (insecure).
>>
>>  Thus, IMO TLSv1 should be the default value. If have asked to the SIP
>>  implementors list for clarification.
>>
>>  Anyway I have a feature request: allowing to set the TLS method via
>>  command line for the pjsua client.
>>
>>  regards
>>  klaus
>>
>>
>>  PS: at
>>  http://www.pjsip.org/pjsip/docs/html/structpjsip__tls__setting.htm#3a453c419c092ecc05f0141da36183fa
>>  there is a typo (TLS instead of SSL)
>>
>>  # PJSIP_SSLV2_METHOD(2): TLSv2
>>  # PJSIP_SSLV3_METHOD(3): TLSv3
>>  # PJSIP_SSLV23_METHOD(23): TLSv23
>>
>>
>>  Benny Prijono schrieb:
>>
>>> On 2/8/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>  >> Hi!
>>  >>
>>  >> I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3
>>  >> compatible Hello whereas SIP requires TLS.
>>  >
>>  > Is it? I thought TLSv2/3 is okay.
>>  >
>>  > Anyway, PJSIP uses TLSv23 by default. If you'd like to use TLSv1, just
>>  > add this when creating the TLS transport:
>>  >
>>  >   tcp_cfg.tls_setting.method = PJSIP_TLSV1_METHOD;
>>  >
>>  > cheers,
>>  >  -benny
>>  >
>>  >> regards
>>  >> klaus
>>  >
>>
>>> _______________________________________________
>>  > Visit our blog: http://blog.pjsip.org
>>  >
>>  > pjsip mailing list
>>  > pjsip at lists.pjsip.org
>>  > http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>>
>>  _______________________________________________
>>  Visit our blog: http://blog.pjsip.org
>>
>>  pjsip mailing list
>>  pjsip at lists.pjsip.org
>>  http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
>>
> 
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
> 
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux