| 1 | Usage (optional): |
| 2 | For ephemeral DH (DHE), append DH parameters to the private key file (privkey_file), for example those [http://www.opensource.apple.com/source/OpenSSL098/OpenSSL098-35.1/src/apps/dh2048.pem?txt here]. Ephemeral ECDH (ECDHE) works |
| 3 | automatically. If no cipher suite is specified, the list printed by |
| 4 | # openssl ciphers -v DEFAULT |
| 5 | is used. Consider reordering or disabling certain suites. Make sure to set |
| 6 | the 'method' parameter to the value 'sslv23', because this disables SSL 2.0 |
| 7 | and is currently the only way to enable TLS 1.2 in pjsip. TLS 1.2 is |
| 8 | required to enable AES-GCM cipher-suites. |
| 9 | |
| 10 | Drawback: |
| 11 | For Java clients, use a 1024-bit parameter file, |
| 12 | disable DHE via 'cipher', or put ECDHE high in the priority order of 'cipher'. |
| 13 | |
| 14 | Speed: |
| 15 | With a mobile phone from 2006 (Nokia E61), DHE/3DES and a 2048-bit parameter, |
| 16 | the speed penalty is about 0.5 seconds per connection setup. |
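
To confirm that a private key file really carries appended DH parameters, and at which size (the point of the Usage and Drawback notes above), the following added example parses the PEM block with the Python standard library only. It is not code from the original text or from pjsip; all function names are hypothetical, and the sample key file is constructed (its "prime" is not a real prime and the key block is a placeholder).

```python
import base64
import re

DH_BLOCK = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)

def read_tlv(buf, pos=0):
    """Decode one DER element at buf[pos]; return (tag, value)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the size of the length field
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length]

def dh_prime_bits(key_file_text):
    """Bit length of p in the appended DH PARAMETERS block, None if absent."""
    m = DH_BLOCK.search(key_file_text)
    if m is None:
        return None  # no block appended: only ECDHE can provide ephemeral keys
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq = read_tlv(der)
    if tag != 0x30:
        raise ValueError("DH PARAMETERS is not a SEQUENCE")
    tag, p = read_tlv(seq)  # DHParameter ::= SEQUENCE { prime p, base g, ... }
    if tag != 0x02:
        raise ValueError("prime p is not an INTEGER")
    return int.from_bytes(p, "big").bit_length()

def tlv(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_key_file(bits):
    """Constructed input: placeholder key plus DH block; p is NOT a real prime."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    der = tlv(0x30, tlv(0x02, p) + tlv(0x02, b"\x02"))
    return ("-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n"
            "-----BEGIN DH PARAMETERS-----\n" + base64.encodebytes(der).decode()
            + "-----END DH PARAMETERS-----\n")

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, "->", dh_prime_bits(sample_key_file(bits)))
    print("key only ->", dh_prime_bits("-----BEGIN PRIVATE KEY-----\n"))
```

Run `dh_prime_bits(open(path).read())` against the real key file: `None` means no DH block was appended, and a value above 1024 is the case the Drawback note describes for Java clients.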