[Freeswitch-users] Problems with TLS after upgrading to Buster

Sebastian Kemper sebastian_ml at gmx.net
Wed Nov 13 20:01:31 UTC 2019


On Tue, Nov 12, 2019 at 10:38:40PM +0100, Walter Behrend wrote:
> Btw, I think there is a problem in freeswitch - if for example I
> configure stunnel, there is no problem with specifying accepting also
> older TLS standards without the need of changing the MinProtocol
> setting within the openssl.cnf file. As a user or admin, I would
> normally expect the tls-version parameter to do the same job for me...

Hi Walter,

I guess that's a point of view. I was quite happy to find that OpenSSL
enforces the restrictions set in /etc/ssl/openssl.cnf also when used
through FreeSWITCH. I'd find it rather strange if it didn't, honestly.
If they're the default settings then they have to be enforced whenever
OpenSSL is used, in my opinion.

I've tested with an updated message digest in gentls_cert (SHA256 like
you suggested) and can confirm it's working properly with this. I've
sent a pull request via GitHub to FS.

Regards,
Seb
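
Added example, not part of the original post and not FreeSWITCH or OpenSSL code: a Python sketch that resolves the system-wide `MinProtocol` from an openssl.cnf and shows which application-requested TLS versions remain usable under it. The sample file contents, the requested version list and the function names are constructed for illustration, and the filtering models the behaviour reported in this thread (the library-wide floor wins over the application's setting).

```python
# Added example: resolve the system-wide TLS floor from an openssl.cnf.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample in the layout OpenSSL 1.1.x reads; not copied from any host.
SAMPLE_CNF = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2   # constructed value
"""

def parse_cnf(text):
    """Return {section: {key: value}}; keys before any header go in 'default'."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def system_min_protocol(text):
    """Follow openssl_conf -> ssl_conf -> system_default; return MinProtocol or None."""
    s = parse_cnf(text)
    name = s["default"].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = s.get(name, {}).get(key)
    return s.get(name, {}).get("MinProtocol")

def effective_versions(requested, floor):
    """Versions the application asked for that survive the library-wide floor."""
    if floor is None:
        return list(requested)
    return [v for v in requested if ORDER.index(v) >= ORDER.index(floor)]

if __name__ == "__main__":
    floor = system_min_protocol(SAMPLE_CNF)
    print(floor, effective_versions(["TLSv1", "TLSv1.1", "TLSv1.2"], floor))
```

To audit a real host, pass the contents of /etc/ssl/openssl.cnf to `system_min_protocol` instead of the constructed sample.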


