[pjsip] pjsua: SSL instead of TLS
klaus.mailinglists at pernau.at
Mon Feb 11 06:17:35 EST 2008
Thanks for the info.
I've checked RFC 3261: It only takes about TLS (RFC 2246) - no single
word mentions SSL.
RFC 2246 itself refers to SSL for backward compatibility reasons only.
When using openssl, it allows sending an SSLv2 ClientHello which
indicates SSLv3 and TLSv1 support too. But I'm not sure if this is
generally the case or only supported by openssl. Further, SSLv2 should
be disabled anyway (insecure).
Thus, IMO TLSv1 should be the default value. If have asked to the SIP
implementors list for clarification.
Anyway I have a feature request: allowing to set the TLS method via
command line for the pjsua client.
there is a typo (TLS instead of SSL)
# PJSIP_SSLV2_METHOD(2): TLSv2
# PJSIP_SSLV3_METHOD(3): TLSv3
# PJSIP_SSLV23_METHOD(23): TLSv23
Benny Prijono schrieb:
> On 2/8/08, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>> I just wanted to try pjsua with TLS but it fails as pjsua sends a SSLv3
>> compatible Hello whereas SIP requires TLS.
> Is it? I thought TLSv2/3 is okay.
> Anyway, PJSIP uses TLSv23 by default. If you'd like to use TLSv1, just
> add this when creating the TLS transport:
> tcp_cfg.tls_setting.method = PJSIP_TLSV1_METHOD;
> Visit our blog: http://blog.pjsip.org
> pjsip mailing list
> pjsip at lists.pjsip.org
More information about the pjsip