Changes between Initial Version and Version 2 of Ticket #1765


Ignore:
Timestamp:
May 2, 2014 10:45:56 AM (8 years ago)
Author:
ming
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1765

    • Property Status changed from new to closed
    • Property Resolution changed from to fixed
  • Ticket #1765 – Description

    initial v2  
     1Usage (optional): 
     2Append DH parameters into the private key file (privkey_file), for example [http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt here] for ephemeral DH (DHE). Ephemeral ECDH (ECDHE) works 
     3automatically. Without specifying a cipher-suite, 
     4# openssl ciphers -v DEFAULT 
     5is used. Consider reordering or disabling certain suites. Make sure to set 
     6the 'method' parameter to the value 'sslv23' because this disables SSL 2.0 
     7and is the only way to enable TLS 1.2 in pjsip, currently. TLS 1.2 is 
     8required to enable AES-GCM cipher-suites. 
     9 
     10Drawback: 
     11For Java clients, go for a 1024bit parameter file, or 
     12disable DHE via 'cipher', or put ECDHE high in priority (of 'cipher'). 
     13 
     14Speed: 
     15With a mobile phone from 2006 (Nokia E61), DHE/3DES and a 2048bit parameter, 
     16the speed penalty is about 0,5 seconds per connection setup.