On Fri, May 23, 2014 at 3:10 PM, James Cloos cloos@jhcloos.com wrote:
"FC" == Frank Carmickle frank@carmickle.com writes:
FC> Freeswitch does support most new features of openssl 1.0.1 branch. I
FC> believe it defaults to tls1.1 currently but I believe the goal is to
FC> only enable tls1.2, with ECDHE+AES128 by default. You can certainly
FC> ask it to do whatever openssl supports, except that right now ECDHE
FC> is hardcoded to p256.
Excellent. Happy to know that.
To clarify further, FreeSWITCH allows enforcement of a specific TLS version up to and including TLS 1.2 (depending on underlying OpenSSL support, of course). This is a per-profile configuration setting:
https://fisheye.freeswitch.org/browse/~raw,r=fd38a255f8f1fa3fa18b1b5263990af...