davidswalkabout at gma...
Guest
|
 Posted: Tue Jan 05, 2021 5:30 pm Post subject: [Freeswitch-users] TLS 1.3 with verto |
 |
|
We use FS 10.5 on Debian for verto calls with setting sip_tls_version=tlsv1.2 and an apache2 reverse proxy for WebSocket logins so there's no port number in the WSS url so there should be no problem with restrictive firewalls for WSS login.
In recent months we've seen some of the login attempts timeout, and there's nothing in the FS log at debug level to indicate why. But after a few minutes, verto's reattempts succeed in logging in. Has anyone else experienced this and found the cause?
I thought I found the reason in our apache error.log, because it shows that some access attempts use TLSv1.3. I tried to get apache to reject these by switching its config to...
SSLProtocol -all +TLSv1.2
...but the TLSv1.3 attempts still behave the same. (Also, although these attempts appear in error.log, there's no hint about why they are in this log instead of access.log.)
Can someone confirm that FS 10.5 doesn't yet support TLSv1.3?
Cheers,
David |
|
Search
