Browse code

tls: switch to TLSv1.2 in example cfg, usage of TLS 1.0 is not recommended anymore

(cherry picked from commit 3fa7b04cb6ac4170343455fa4f591fa95f7a3ff9)

Henning Westerholt authored on 15/10/2019 12:14:16
Showing 1 changed files
... ...
@@ -8,12 +8,12 @@
8 8
 # connections that do not match any other server
9 9
 # domain in this configuration file.
10 10
 #
11
-# We do not enable anything else than TLSv1
11
+# We do not enable anything else than TLSv1.2
12 12
 # over the public internet. Clients do not have
13 13
 # to present client certificates by default.
14 14
 #
15 15
 [server:default]
16
-method = TLSv1
16
+method = TLSv1.2
17 17
 verify_certificate = no
18 18
 require_certificate = no
19 19
 private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
... ...
@@ -29,21 +29,21 @@ certificate = /usr/local/etc/kamailio/kamailio-selfsigned.pem
29 29
 # We require that servers present valid certificate.
30 30
 #
31 31
 [client:default]
32
-#method = TLSv1
32
+#method = TLSv1.2
33 33
 verify_certificate = yes
34 34
 require_certificate = yes
35 35
 
36 36
 # ---
37 37
 # This is an example server domain for TLS connections
38 38
 # received from the loopback interface. We allow
39
-# the use of TLSv1 protocols here, we do
39
+# the use of TLSv1.2 protocols here, we do
40 40
 # not require that clients present client certificates
41 41
 # but if they present it it must be valid. We also use
42 42
 # a special certificate and CA list for loopback
43 43
 # interface.
44 44
 #
45 45
 #[server:5.6.7.8:5061]
46
-#method = TLSv1
46
+#method = TLSv1.2
47 47
 #verify_certificate = yes
48 48
 #require_certificate = no
49 49
 #private_key = /usr/local/etc/kamailio/tls/local_key.pem
... ...
@@ -76,7 +76,7 @@ require_certificate = yes
76 76
 # - it requires to have 'server_name' to match on SNI (domain and subdomains)
77 77
 #
78 78
 #[server:any]
79
-#method = TLSv1
79
+#method = TLSv1.2
80 80
 #verify_certificate = yes
81 81
 #require_certificate = no
82 82
 #private_key = /usr/local/etc/kamailio/tls/mysipserver_org_key.pem
... ...
@@ -93,7 +93,7 @@ require_certificate = yes
93 93
 # - it requires to have 'server_name' to match on SNI (only subdomains)
94 94
 #
95 95
 #[server:any]
96
-#method = TLSv1
96
+#method = TLSv1.2
97 97
 #verify_certificate = yes
98 98
 #require_certificate = no
99 99
 #private_key = /usr/local/etc/kamailio/tls/mysipserver_net_key.pem