Hi!
I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3
compatible Hello whereas SIP requires TLS.
regards
klaus
On 2/8/08, Klaus Darilion klaus.mailinglists@pernau.at wrote:
> Hi!
> I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3
> compatible Hello whereas SIP requires TLS.

Is it? I thought TLSv2/3 is okay.
Anyway, PJSIP uses TLSv23 by default. If you'd like to use TLSv1, just
add this when creating the TLS transport:

    tcp_cfg.tls_setting.method = PJSIP_TLSV1_METHOD;

cheers,
-benny

> regards
> klaus
Thanks for the info.
I've checked RFC 3261: It only talks about TLS (RFC 2246) - no single
word mentions SSL.
RFC 2246 itself refers to SSL for backward compatibility reasons only.
When using openssl, it allows sending an SSLv2 ClientHello which
indicates SSLv3 and TLSv1 support too. But I'm not sure if this is
generally the case or only supported by openssl. Further, SSLv2 should
be disabled anyway (insecure).
Thus, IMO TLSv1 should be the default value. I have asked the SIP
implementors list for clarification.
Anyway I have a feature request: allowing to set the TLS method via
command line for the pjsua client.
regards
klaus
PS: at
http://www.pjsip.org/pjsip/docs/html/structpjsip__tls__setting.htm#3a453c419c092ecc05f0141da36183fa
there is a typo (TLS instead of SSL)
Visit our blog: http://blog.pjsip.org
pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
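The framing difference discussed in this thread can be checked on the wire from the first bytes a client sends. The following is an added example, not code from PJSIP or from the posters: a small C classifier that tells an SSLv2-framed compatibility ClientHello from an SSLv3/TLS record ClientHello. The function names, the TLS-only policy and the sample byte prefixes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { HELLO_UNKNOWN, HELLO_SSLV2_COMPAT, HELLO_TLS_RECORD } hello_framing;
typedef struct { hello_framing framing; uint8_t major, minor; } hello_info;

/* Classify the first bytes a client sends on a new connection. */
hello_info classify_client_hello(const uint8_t *p, size_t n)
{
    hello_info r = { HELLO_UNKNOWN, 0, 0 };
    if (p == NULL) return r;
    /* SSLv2 framing (2-byte header form): high bit set in byte 0,
       msg type 1 = CLIENT-HELLO, then the highest version offered. */
    if (n >= 5 && (p[0] & 0x80) && p[2] == 0x01) {
        r.framing = HELLO_SSLV2_COMPAT; r.major = p[3]; r.minor = p[4];
    /* SSLv3/TLS framing: content type 22 (handshake), record version 3.x,
       2-byte length, handshake type 1, 3-byte length, client_version. */
    } else if (n >= 11 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01) {
        r.framing = HELLO_TLS_RECORD; r.major = p[9]; r.minor = p[10];
    }
    return r;
}

/* Assumed policy: accept only TLS framing offering TLS 1.0 (3.1) or later. */
int hello_is_tls_only(hello_info h)
{
    return h.framing == HELLO_TLS_RECORD &&
           (h.major > 3 || (h.major == 3 && h.minor >= 1));
}

/* Constructed sample prefixes (truncated ClientHello messages). */
const uint8_t SAMPLE_V2_COMPAT[] = {0x80,0x2e,0x01,0x03,0x01,0x00,0x15,0x00,0x00,0x00,0x10};
const uint8_t SAMPLE_SSLV3[]     = {0x16,0x03,0x00,0x00,0x2d,0x01,0x00,0x00,0x29,0x03,0x00};
const uint8_t SAMPLE_TLS10[]     = {0x16,0x03,0x01,0x00,0x2d,0x01,0x00,0x00,0x29,0x03,0x01};

int main(void)
{
    hello_info a = classify_client_hello(SAMPLE_V2_COMPAT, sizeof SAMPLE_V2_COMPAT);
    hello_info b = classify_client_hello(SAMPLE_TLS10, sizeof SAMPLE_TLS10);
    printf("v2-compat: framing=%d offers %d.%d tls_only=%d\n",
           a.framing, a.major, a.minor, hello_is_tls_only(a));
    printf("tls1.0:    framing=%d offers %d.%d tls_only=%d\n",
           b.framing, b.major, b.minor, hello_is_tls_only(b));
    return 0;
}
```

Note that the SSLv2-framed sample offers version 3.1 (TLS 1.0) yet is still rejected by the policy, because a TLS-only peer never parses that record framing in the first place.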
Done (http://trac.pjsip.org/repos/ticket/481). Default TLS version is
now TLSv1, and also fixed the typos (website will be updated on next
update schedule). I guess with this we don't need to have the command
line option to set TLS version in pjsua.
thanks
-benny
Benny Prijono wrote:
> Done (http://trac.pjsip.org/repos/ticket/481). Default TLS version is
> now TLSv1, and also fixed the typos (website will be updated on next
> update schedule). I guess with this we don't need to have the command
> line option to set TLS version in pjsua.

ok. thanks
klaus