Module: kamailio Branch: master Commit: 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9 URL: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa… Author: Henning Westerholt <hw(a)skalatan.de> Committer: Henning Westerholt <hw(a)skalatan.de> Date: 2019-10-15T14:14:16+02:00 tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore --- Modified: src/modules/tls/tls.cfg --- Diff: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa… Patch: https://github.com/kamailio/kamailio/commit/3fa7b04cb6ac4170343455fa4f591fa… --- diff --git a/src/modules/tls/tls.cfg b/src/modules/tls/tls.cfg index b84ba8fcfc..d8b20049ae 100644 --- a/src/modules/tls/tls.cfg +++ b/src/modules/tls/tls.cfg @@ -8,12 +8,12 @@ # connections that do not match any other server # domain in this configuration file. # -# We do not enable anything else than TLSv1 +# We do not enable anything else than TLSv1.2 # over the public internet. Clients do not have # to present client certificates by default. # [server:default] -method = TLSv1 +method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key @@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem # We require that servers present valid certificate. # [client:default] -#method = TLSv1 +#method = TLSv1.2 verify_certificate = yes require_certificate = yes # --- # This is an example server domain for TLS connections # received from the loopback interface. We allow -# the use of TLSv1 protocols here, we do +# the use of TLSv1.2 protocols here, we do # not require that clients present client certificates # but if they present it it must be valid. We also use # a special certificate and CA list for loopback # interface. # #[server:5.6.7.8:5061] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/local_key.pem @@ -76,7 +76,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (domain and subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem @@ -93,7 +93,7 @@ require_certificate = yes # - it requires to have 'server_name' to match on SNI (only subdomains) # #[server:any] -#method = TLSv1 +#method = TLSv1.2 #verify_certificate = yes #require_certificate = no #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem