[Freeswitch-users] Problems with TLS after upgrading to Buster

Victor Chukalovskiy victor.chukalovskiy at gmail.com
Mon Apr 6 22:39:04 UTC 2020


Old thread, but in case it helps anyone. For SessionTalk + FreeSwitch, 
you need to set openssl.cnf params rock bottom low:

[system_default_sect]
MinProtocol = TLSv1
CipherString = DEFAULT at SECLEVEL=1

I've followed-up with SessionTalk support to check on TLS V1.2 and stronger cipher suite. However my hopes are low since they haven't though of it on their own. App store feedback pending...


On 2019-11-13 3:01 p.m., Sebastian Kemper wrote:
> On Tue, Nov 12, 2019 at 10:38:40PM +0100, Walter Behrend wrote:
>> Btw, I think there is a problem in freeswitch - if for example I
>> configure stunnel, there is no problem with specifying accepting also
>> older TLS standards without the need of changing the MinProtocol
>> setting within the openssl.cnf file. As a user or admin, I would
>> normally expect the tls-version parameter to do the same job for me...
> Hi Walter,
>
> I guess that's a point of view. I was quite happy to find that OpenSSL
> enforces the restrictions set in /etc/ssl/openssl.cnf also when used
> through FreeSWITCH. I'd find it rather strange if it didn't, honestly.
> If they're the default settings then they have to be enforced whenever
> OpenSSL is used, in my opinion.
>
> I've tested with an updated message digest in gentls_cert (SHA256 like
> you suggested) and can confirm it's working properly with this. I've
> sent a pull request via GitHub to FS.
>
> Regards,
> Seb
>
> _________________________________________________________________________
>
> The FreeSWITCH project is sponsored by SignalWire https://signalwire.com
> Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.
> Build your next product on our scalable cloud platform.
>
> Join our online community to chat in real time https://signalwire.community
>
> Professional FreeSWITCH Services
> sales at freeswitch.com
> https://freeswitch.com
>
> Official FreeSWITCH Sites
> https://freeswitch.com/oss
> https://freeswitch.org/confluence
> https://cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> https://freeswitch.com




More information about the FreeSWITCH-users mailing list