[Freeswitch-users] SIP-S and openssl

mehroz mehroz.ashraf85 at gmail.com
Sun Jun 9 11:13:33 MSD 2013


Moreover, there is a file in libs/sofia-sip/libsofia-sip-ua/tport/ as
tport_tls.c. 
and a portion of fucntion: 
void tls_set_default(tls_issues_t *i) 
{ 
  i->verify_depth = i->verify_depth == 0 ? 2 : i->verify_depth; 
  i->cert = i->cert ? i->cert : "agent.pem"; 
  i->key = i->key ? i->key : i->cert; 
  i->randFile = i->randFile ? i->randFile : "tls_seed.dat"; 
  i->CAfile = i->CAfile ? i->CAfile : "cafile.pem"; 
  i->cipher = i->cipher ? i->cipher : "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"; 
  /* Default SIP cipher */ 
  /* "RSA-WITH-AES-128-CBC-SHA"; */ 
  /* RFC-2543-compatibility ciphersuite */ 
  /* TLS_RSA_WITH_3DES_EDE_CBC_SHA; */ 
} 

seems to be a relevant approach. Cipher mentioned as default
"RSA-WITH-AES-128-CBC-SHA" is returned in ServerHello in default
configuration. Changing this cipher (replacing
"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" with  "ECDHE-ECDSA-AES256-GCM-SHA384" )
according to my need i.e SUIT-B cipher and compiling FS again, results
internal SIP profile not being loaded. 

Please comments if any body have previously worked or dev guys could help
so?



--
View this message in context: http://freeswitch-users.2379917.n2.nabble.com/SIP-S-and-openssl-tp7591496p7591559.html
Sent from the freeswitch-users mailing list archive at Nabble.com.



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list