[Freeswitch-users] TLS1.2 ONLY

Nathan Stratton nathan at robotics.net
Mon Dec 30 17:28:10 UTC 2019


# vars.xml
  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1.2"/>
  <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!RC4:!3DES:!MD5:@STRENGTH"/>

# internal.xml

    <param name="wss-binding" value=":443"/>
    <param name="tls-version" value="$${sip_tls_version}"/>
    <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>

However, when I check out my server with
https://www.ssllabs.com/ssltest/analyze.html it shows TLS1.1 along with
TLS1.2.

Any way to JUST have the server answer TLS1.2? Also, is it possible to set
the order of cipher suites and get rid of:

Cipher Suites

# TLS 1.2 (server has no preference)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   *WEAK* 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)   *WEAK* 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)   *WEAK* 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)   *WEAK* 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   *WEAK* 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)   *WEAK* 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)   *WEAK* 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)   *WEAK* 256


><>
nathan stratton
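
A local check of the cipher string posted above, as an added example that is not part of the original message and not FreeSWITCH code: it expands the string with the OpenSSL library linked into Python and reports which of the TLS_RSA_* suites listed in the post it enables. The `!kRSA` variant and the function names are assumptions for illustration; results depend on the local OpenSSL build, and the check does not address the TLS 1.1 finding.

```python
import ssl

# Cipher string exactly as posted in vars.xml above.
POSTED = "ALL:!ADH:!LOW:!EXP:!RC4:!3DES:!MD5:@STRENGTH"
# Assumption (not from the post): same string with static-RSA key exchange removed.
NO_STATIC_RSA = "ALL:!ADH:!LOW:!EXP:!RC4:!3DES:!MD5:!kRSA:@STRENGTH"

# OpenSSL names -> IANA names for the eight suites listed in the post.
FLAGGED = {
    "AES128-SHA": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "CAMELLIA128-SHA": "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    "AES128-SHA256": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "AES128-GCM-SHA256": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "AES256-SHA": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "CAMELLIA256-SHA": "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    "AES256-SHA256": "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "AES256-GCM-SHA384": "TLS_RSA_WITH_AES_256_GCM_SHA384",
}


def expand(cipher_string):
    """Ordered suite names the local OpenSSL enables for cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def flagged_enabled(cipher_string):
    """IANA names of the post's flagged suites that cipher_string still enables."""
    enabled = set(expand(cipher_string))
    return sorted(iana for name, iana in FLAGGED.items() if name in enabled)


def report(label, cipher_string):
    """Print what the string enables and which flagged suites survive."""
    suites = expand(cipher_string)
    hits = flagged_enabled(cipher_string)
    print(f"{label}: {len(suites)} suites enabled, {len(hits)} flagged")
    for iana in hits:
        print(f"  still offered: {iana}")


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    report("posted", POSTED)
    report("posted + !kRSA", NO_STATIC_RSA)
```

All eight listed suites use static RSA key exchange, which none of the exclusions in the posted string remove; the `kRSA` keyword selects exactly that group.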