]> git.ipfire.org Git - thirdparty/freeswitch.git/commitdiff
projects / thirdparty / freeswitch.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a435ef)
Update in-config docs
authorBrian West <brian@freeswitch.org>
Thu, 6 Feb 2014 14:58:48 +0000 (08:58 -0600)
committerBrian West <brian@freeswitch.org>
Thu, 6 Feb 2014 14:59:51 +0000 (08:59 -0600)
conf/vanilla/sip_profiles/internal.xml patch | blob | blame | history
conf/vanilla/vars.xml patch | blob | blame | history

diff --git a/conf/vanilla/sip_profiles/internal.xml b/conf/vanilla/sip_profiles/internal.xml
index d243c7bb2990473ecc989c8772ea9e72d46c1420..eeebf05610a508df3cb47a739fa424a6e1236a3b 100644 (file)
--- a/conf/vanilla/sip_profiles/internal.xml
+++ b/conf/vanilla/sip_profiles/internal.xml
@@ -206,9 +206,12 @@
     <param name="tls-verify-depth" value="2"/>
     <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
     <param name="tls-verify-in-subjects" value=""/>
-    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
+    <!-- TLS version default: tlsv1,tlsv1.1,tlsv1.2 -->
     <param name="tls-version" value="$${sip_tls_version}"/>
 
+    <!-- TLS ciphers default: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH  -->
+    <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
+
     <!-- turn on auto-flush during bridge (skip timer sleep when the socket already has data)
          (reduces delay on latent connections default true, must be disabled explicitly)-->
     <!--<param name="rtp-autoflush-during-bridge" value="false"/>-->
diff --git a/conf/vanilla/vars.xml b/conf/vanilla/vars.xml
index 8c8d0cf90cd40771f5b5e2699b5e9a544ed46f1f..5d3d22548b9073ef95d122f9f802d01fe347344e 100644 (file)
--- a/conf/vanilla/vars.xml
+++ b/conf/vanilla/vars.xml
@@ -270,10 +270,19 @@
   <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>
 
   <!--
-      SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
+     SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
+     
+     valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
+
+     default: tlsv1,tlsv1.1,tlsv1.2
   -->
-  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1"/>
+  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
 
+  <!--
+     TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+  -->
+  <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
+  
   <!-- Internal SIP Profile -->
   <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
   <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
Mirror of https://github.com/signalwire/freeswitch.git