On Fri, May 23, 2014 at 3:10 PM, James Cloos <[email protected]> wrote: >>>>>> "FC" == Frank Carmickle <[email protected]> writes: > > FC> Freeswitch does support most new features of openssl 1.0.1 branch. I > FC> believe it defaults to tls1.1 currently but I believe the goal is to > FC> only enable tls1.2, with ECDHE+AES128 by default. You can certainly > FC> ask it to do what ever openssl supports, except that right now ECDHE > FC> is hardcoded to p256. > > Excellent. Happy to know that. >
To clarify further, FreeSWITCH allows enforcement of specific TLS version up to and including TLS 1.2 (depending on underlying OpenSSL support, of course). This is a per-profile configuration setting: https://fisheye.freeswitch.org/browse/~raw,r=fd38a255f8f1fa3fa18b1b5263990af8ac4bc632/FreeSWITCH/conf/vanilla/sip_profiles/internal.xml -- Kristian Kielhofner _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
