git:master:3fa7b04c: tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore - sr-dev

15 Oct 2019

Module: kamailio
Branch: master
Commit: 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9
URL: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa9...
Author: Henning Westerholt hw@skalatan.de
Committer: Henning Westerholt hw@skalatan.de
Date: 2019-10-15T14:14:16+02:00
tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore
---
Modified: src/modules/tls/tls.cfg
---
Diff:  https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa9...
Patch: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa9...
---

diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg
index b84ba8fcfc..d8b20049ae 100644
--- a/src/modules/tls/tls.cfg
+++ b/src/modules/tls/tls.cfg
@@ -8,12 +8,12 @@
 # connections that do not match any other server
 # domain in this configuration file.
 #
-# We do not enable anything else than TLSv1
+# We do not enable anything else than TLSv1.2
 # over the public internet. Clients do not have
 # to present client certificates by default.
 #
 [server:default]
-method = TLSv1
+method = TLSv1.2
 verify_certificate = no
 require_certificate = no
 private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
@@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
 # We require that servers present valid certificate.
 #
 [client:default]
-#method = TLSv1
+#method = TLSv1.2
 verify_certificate = yes
 require_certificate = yes
# ---
 # This is an example server domain for TLS connections
 # received from the loopback interface. We allow
-# the use of TLSv1 protocols here, we do
+# the use of TLSv1.2 protocols here, we do
 # not require that clients present client certificates
 # but if they present it it must be valid. We also use
 # a special certificate and CA list for loopback
 # interface.
 #
 #[server:5.6.7.8:5061]
-#method = TLSv1
+#method = TLSv1.2
 #verify_certificate = yes
 #require_certificate = no
 #private_key = /usr/local/etc/kamailio/tls/local_key.pem
@@ -76,7 +76,7 @@ require_certificate = yes
 # - it requires to have 'server_name' to match on SNI (domain and subdomains)
 #
 #[server:any]
-#method = TLSv1
+#method = TLSv1.2
 #verify_certificate = yes
 #require_certificate = no
 #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
@@ -93,7 +93,7 @@ require_certificate = yes
 # - it requires to have 'server_name' to match on SNI (only subdomains)
 #
 #[server:any]
-#method = TLSv1
+#method = TLSv1.2
 #verify_certificate = yes
 #require_certificate = no
 #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem

    