git:master: tls: listed TLSv1.1 and TLSv1. 2 as values for tls_method parameter - sr-dev

3 Nov 2013

Module: sip-router
Branch: master
Commit: 1e2bb79a135bef9936fb5d5e0fb9a708589452b9
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=1e2bb79a...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date:   Sun Nov  3 13:14:31 2013 +0100
tls: listed TLSv1.1 and TLSv1.2 as values for tls_method parameter
---
modules/tls/doc/params.xml |   25 ++++++++++++++++++++++---
 1 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/modules/tls/doc/params.xml b/modules/tls/doc/params.xml
index 46c9618..54c21e7 100644
--- a/modules/tls/doc/params.xml
+++ b/modules/tls/doc/params.xml
@@ -21,7 +21,20 @@
    <itemizedlist>
    		<listitem>
    			<para>
-				<emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted. This is the default and recommended method (if you want to be rfc3261  conformant don't change it).
+				<emphasis>TLSv1.1</emphasis> - only TLSv1.2 connections are accepted
+				(available starting with openssl/libssl v1.0.1e)
+				</para>
+			</listitem>
+			<listitem>
+				<para>
+				<emphasis>TLSv1.1</emphasis> - only TLSv1.1 connections are accepted
+				(available starting with openssl/libssl v1.0.0)
+				</para>
+			</listitem>
+			<listitem>
+				<para>
+				<emphasis>TLSv1</emphasis> - only TLSv1 connections are accepted.
+				This is the default value.
    			</para>
    		</listitem>
    		<listitem>
@@ -31,12 +44,18 @@
    		</listitem>
    		<listitem>
    			<para>
-				<emphasis>SSLv2</emphasis> - only SSLv2 connections, for old clients. Note: you shouldn't use SSLv2 for anything which should be highly secure.
+				<emphasis>SSLv2</emphasis> - only SSLv2 connections, for old clients.
+				Note: you shouldn't use SSLv2 for anything which should be highly secure.
+				Newer versions of libssl don't include support for it anymore.
    			</para>
    		</listitem>
    		<listitem>
    			<para>
-				<emphasis>SSLv23</emphasis> - any of the above methods will be accepted, with the following limitation: the initial SSL hello message must be V2 (in the initial hello all the supported protocols are advertised enabling switching to a higher and more secure version). This means connections from SSLv3 or TLSv1 clients will not be accepted.
+				<emphasis>SSLv23</emphasis> - any of the SSLv2, SSLv3 and TLSv1 methods
+				will be accepted, with the following limitation: the initial SSL hello
+				message must be V2 (in the initial hello all the supported protocols
+				are advertised enabling switching to a higher and more secure version).
+				This means connections from SSLv3 or TLSv1 clients will be accepted.
    			</para>
    		</listitem>
    </itemizedlist>

    