[pjsip] pjsua: SSL instead of TLS

Klaus Darilion klaus.mailinglists at pernau.at
Mon Feb 11 06:17:35 EST 2008


Thanks for the info.

I've checked RFC 3261: It only takes about TLS (RFC 2246) - no single 
word mentions SSL.

RFC 2246 itself refers to SSL for backward compatibility reasons only. 
When using openssl, it allows sending an SSLv2 ClientHello which 
indicates SSLv3 and TLSv1 support too. But I'm not sure if this is 
generally the case or only supported by openssl. Further, SSLv2 should 
be disabled anyway (insecure).

Thus, IMO TLSv1 should be the default value. If have asked to the SIP 
implementors list for clarification.

Anyway I have a feature request: allowing to set the TLS method via 
command line for the pjsua client.

regards
klaus


PS: at 
http://www.pjsip.org/pjsip/docs/html/structpjsip__tls__setting.htm#3a453c419c092ecc05f0141da36183fa 
there is a typo (TLS instead of SSL)

# PJSIP_SSLV2_METHOD(2): TLSv2
# PJSIP_SSLV3_METHOD(3): TLSv3
# PJSIP_SSLV23_METHOD(23): TLSv23


Benny Prijono schrieb:
> On 2/8/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>> Hi!
>>
>> I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3
>> compatible Hello whereas SIP requires TLS.
> 
> Is it? I thought TLSv2/3 is okay.
> 
> Anyway, PJSIP uses TLSv23 by default. If you'd like to use TLSv1, just
> add this when creating the TLS transport:
> 
>   tcp_cfg.tls_setting.method = PJSIP_TLSV1_METHOD;
> 
> cheers,
>  -benny
> 
>> regards
>> klaus
> 
> _______________________________________________
> Visit our blog: http://blog.pjsip.org
> 
> pjsip mailing list
> pjsip at lists.pjsip.org
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org




More information about the pjsip mailing list