Re: [sipxcom-users] TLS 1.0

[Joegen Baclor]

Unfortunately, this is hardcoded in sipXportLib.  See https://github.com/sipXcom/sipxecs/blob/release-16.02/sipXportLib/src/os/OsSSL.cpp#L84.  sipX will always allow negotiation of TLSV1 to pass and this is really intentional.   The pbx needs to be able to communicate with legacy endpoints with outdated ssl support.   Maybe you can convince some of the developers to make this configurable in the future.

On Thu, Jun 14, 2018 at 7:18 AM, Charles Chalekson <chal...@gmail.com> wrote:

Newbie trying to understand a security issue.  I have to run a PCI check on my office network and is failing because it says TLS is version 1.0 and needs be to at least 1.2.  I think this failure is coming from the sipxcom linux server, which shows 1.0.1e on a version check.  Has anyone else had to update their phone server and is this easy?  Yum shows no packages marked for update.

--
You received this message because you are subscribed to the Google Groups "sipxcom-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sipxcom-users+unsubscribe@googlegroups.com.
To post to this group, send email to sipxco...@googlegroups.com.
Visit this group at https://groups.google.com/group/sipxcom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/sipxcom-users/aa94ea23-fc6c-4f46-b146-cc54e2d1fcf9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Charles Chalekson]

Thank you

On Saturday, June 16, 2018 at 7:50:43 AM UTC-7, JBaclor wrote:

Unfortunately, this is hardcoded in sipXportLib.  See https://github.com/sipXcom/sipxecs/blob/release-16.02/sipXportLib/src/os/OsSSL.cpp#L84.  sipX will always allow negotiation of TLSV1 to pass and this is really intentional.   The pbx needs to be able to communicate with legacy endpoints with outdated ssl support.   Maybe you can convince some of the developers to make this configurable in the future.

On Thu, Jun 14, 2018 at 7:18 AM, Charles Chalekson <chal...@gmail.com> wrote:

Newbie trying to understand a security issue.  I have to run a PCI check on my office network and is failing because it says TLS is version 1.0 and needs be to at least 1.2.  I think this failure is coming from the sipxcom linux server, which shows 1.0.1e on a version check.  Has anyone else had to update their phone server and is this easy?  Yum shows no packages marked for update.

--
You received this message because you are subscribed to the Google Groups "sipxcom-users" group.

To unsubscribe from this group and stop receiving emails from it, send an email to sipxcom-user...@googlegroups.com.