Commit 0f6766b2 authored by Yalu Zhang's avatar Yalu Zhang

Asterisk config: enable transport TLS in SIP

- Add cert and private key files besides ca file
- Set cipher methods to ALL by default
- By default, disable the verification of certificate from the proxy, i.e. TLS server
parent f68f0f3e
......@@ -52,10 +52,12 @@ tcpenable=|TCPENABLE|
tlsenable=|TLSENABLE|
tlsbindaddr=0.0.0.0
tlsdontverifyserver=no
tlsdontverifyserver=yes
tlscipher=|TLSCIPHER|
tlsclientmethod=|TLSCLIENTMETHOD|
tlscafile=/var/etc/asterisk/ssl/ca.pem
tlscafile=/etc/asterisk/ssl/ca.pem
tlscertfile=/etc/asterisk/ssl/cert.pem
tlsprivatekey=/etc/asterisk/ssl/privatekey.pem
transport=udp|TCPTRANSPORT||TLSTRANSPORT|
......
......@@ -109,8 +109,8 @@ config sip_advanced 'sip_options'
option registertimeoutguardlimit '30'
option registertimeoutguardpct '0.2'
option defaultexpiry '300'
option tls_version 'tlsv1'
option tls_cipher 'des-cbc3-sha'
option tls_version 'sslv2'
option tls_cipher 'ALL'
option stun_server ''
option dnsmgr 'no'
option dnsmgr_refresh_interval '300'
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment