sets which subjects are allowed, multiple subjects can be split
with a '|' pipe -->
<param name="tls-verify-in-subjects" value=""/>
+ <!-- Set the OpenSSL cipher suite list -->
+ <!-- <param name="tls-ciphers" value="!aNULL:!LOW:!EXP:!kECDH:!ECDSA:!DSS:!PSK:!SRP:ALL"/> -->
<!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not
work with TLSv1 -->
<param name="tls-version" value="$${sip_tls_version}"/>
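Review bot: The commented-out `tls-ciphers` sample does not match the value the module appears to fall back to when the parameter is absent (`ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH` in the defaults hunk), and the comment does not state that default. An operator who simply uncomments the line silently switches policy: the sample drops kECDH, ECDSA, DSS, PSK and SRP suites but no longer excludes MD5 and has no `@STRENGTH` ordering. I would name the default in the comment and mark the value as an example, e.g. `<!-- Set the OpenSSL cipher suite list (default: "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); the value below is an example only -->`.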
TPTAG_TLS_VERIFY_DATE(profile->tls_verify_date)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS) && profile->tls_verify_in_subjects,
TPTAG_TLS_VERIFY_SUBJECTS(profile->tls_verify_in_subjects)),
+ TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
+ TPTAG_TLS_CIPHERS(profile->tls_ciphers)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS),
TPTAG_TLS_VERSION(profile->tls_version)),
TAG_IF(sofia_test_pflag(profile, PFLAG_TLS) && profile->tls_timeout,
profile->sip_force_expires = 0;
profile->sip_expires_max_deviation = 0;
profile->sip_subscription_max_deviation = 0;
+ profile->tls_ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH";
profile->tls_version = SOFIA_TLS_VERSION_TLSv1;
profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_1;
profile->tls_version |= SOFIA_TLS_VERSION_TLSv1_2;
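Review bot: The default on the added line excludes anonymous suites with `!ADH`, which in OpenSSL cipher-string syntax covers anonymous DH only. `ALL` still admits anonymous ECDH suites, which provide no peer authentication; whether any are actually offered depends on the OpenSSL build, so treat this as hardening rather than a confirmed exposure. The sample in the profile XML already uses `!aNULL`, which covers both families, so the default should do the same: `profile->tls_ciphers = "ALL:!aNULL:!LOW:!EXP:!MD5:@STRENGTH";`. A one-line comment above it saying that this is the built-in list used when `tls-ciphers` is not configured would also help. The enclosing function starts and ends outside the hunk.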
profile->tls_passphrase = switch_core_strdup(profile->pool, val);
} else if (!strcasecmp(var, "tls-verify-in-subjects")) {
profile->tls_verify_in_subjects_str = switch_core_strdup(profile->pool, val);
+ } else if (!strcasecmp(var, "tls-ciphers")) {
+ profile->tls_ciphers = switch_core_strdup(profile->pool, val);
} else if (!strcasecmp(var, "tls-version")) {
char *ps = val, *pe;
profile->tls_version = 0;
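Review bot: The new `tls-ciphers` branch copies `val` without checking it, so `<param name="tls-ciphers" value=""/>` replaces the built-in default with an empty string. That string is then passed to `TPTAG_TLS_CIPHERS` whenever `PFLAG_TLS` is set, since that `TAG_IF` has no non-empty guard. OpenSSL does not accept an empty cipher list; how the transport reacts is not visible here, but the likely outcome is a TLS listener that fails to start with no hint pointing at the config. Keeping the default for empty input avoids that: `} else if (!strcasecmp(var, "tls-ciphers") && !zstr(val)) {`, ideally with a warning log when the value is ignored. The surrounding if/else chain starts and ends outside the hunk.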