[Freeswitch-users] Freeswitch sslv3 support

[Michael Jerris]

I just reviewed the code. Looks like we disable it all on verto, but not on sofia.  should get me a Jira on this (I was just told one just got made)… we should fix that.  That being said, the sofia web socket support was basically a demo to prove we could do it before we finished verto, there is little reason to use sip over websockets and I never recommend it.  Also, using years old development code should be considered a massive security vulnerability and I would STRONGLY recommend against it.  


> On Jun 20, 2017, at 11:55 AM, Agustí Ubalde Bellot <agubbe at gmail.com> wrote:
> 
> Hi Michael,
> 
> Yes, the version I am using is a development version (1.5.14). In any case, I have performed the same tests in version 1.6 and have the same behavior.
> Instead, the verto module does block the sslv3 protocol.
> 
> 
> Thanks,
> Agustí
> 
> 2017-06-20 10:45 GMT+02:00 Agustí Ubalde Bellot <agubbe at gmail.com <mailto:agubbe at gmail.com>>:
> Hi Michael,
> 
> I have performed several connection tests forcing the sslv3 protocol over secure web sockets and the connection is established. Instead, the same test connecting to the TLS listening port, the connection is not set. The protocol is successfully disabled in the configuration.
> The version of FreeSWITCH I'm testing is 1.5.14. Is there any way to prove that the sslv3 protocol is actually disabled in this release?
> 
> 
> Thanks,
> Agustí
> 
> 2017-06-15 10:07 GMT+02:00 Agustí Ubalde Bellot <agubbe at gmail.com <mailto:agubbe at gmail.com>>:
> Hi Brian,
> 
> Is possible to disable for web socket secure connections too?
> 
> 
> Thanks,
> Agustí
> 
> 2017-06-13 13:24 GMT+02:00 Agustí Ubalde Bellot <agubbe at gmail.com <mailto:agubbe at gmail.com>>:
> Hi all,
> 
> Is there a FreeSWITCH update where sslv3 support is disabled?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20170620/e68483fe/attachment-0001.html>