[Freeswitch-users] TLS 1.3 with verto

David P davidswalkabout at gmail.com
Tue Jan 5 22:02:17 UTC 2021


We use FS 10.5 on Debian for verto calls with
setting sip_tls_version=tlsv1.2 and an apache2 reverse proxy for WebSocket
logins, so there's no port number in the WSS URL, so there should be no
problem with restrictive firewalls for WSS login.

In recent months we've seen some of the login attempts time out, and there's
nothing in the FS log at debug level to indicate why. But after a few
minutes, verto's reattempts succeed in logging in. Has anyone else
experienced this and found the cause?

I thought I found the reason in our apache error.log, because it shows that
some access attempts use TLSv1.3. I tried to get apache to reject these by
switching its config to...

   SSLProtocol -all +TLSv1.2

...but the TLSv1.3 attempts still behave the same. (Also, although these
attempts appear in error.log, there's no hint about why they are in this
log instead of access.log.)

Can someone confirm that FS 10.5 doesn't yet support TLSv1.3?

Cheers,
David