Commit Graph

13 Commits

Author SHA1 Message Date
Sebastian Kemper 70d1cbafe4 [gentls_cert] Update message digest
Debian Buster updated /etc/ssl/openssl.cnf to default to

MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=2

gentls_cert currently uses SHA1 as message digest. According to OpenSSL
documentation this only offers 80 bit of security. 80 bits is enough for
security level 1, but not 2.

The OpenSSL default MD nowadays is SHA256. This commit updates
gentls_cert to use it.

Issue was reported on the FS mailing list. The certificates created by
gentls_cert caused "md too weak" errors and clients were unable to
connect.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-11-13 20:40:42 +01:00
Sebastian Kemper b784fd535b FS-10055: Fix gentls_cert script to use "@certsdir@"
Currently gentls_cert uses "@prefix@/conf/ssl". But FreeSWITCH's
configure script provides "@certsdir@", so let's use that instead.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2017-02-19 11:33:32 +01:00
Brian West 86f9029b98 Revert changes from FS-5719, You'll have to make these changes yourself locally if you want these types of certificates 2014-07-18 07:52:26 -05:00
Brian West 8b7c351fa4 FS-5719 --resolve 2013-08-21 11:29:48 -05:00
Brian West bf2fc31aee FS-5695 --resolve 2013-08-21 11:21:04 -05:00
Brian West c583224be1 FS-4375 --resolve 2012-07-02 14:30:39 -05:00
Brian West 2ec02e5445 FS-3890 2012-03-01 13:22:52 -06:00
Brian West faf40311c6 FS-3777: --resolve 2011-12-22 13:58:25 -06:00
Brian West 408f28df07 FSBUILD-216
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@15965 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-12-15 14:34:43 +00:00
Stefan Knoblich 87d8e4eda4 Add -days option to set expiration time of certificates in gentls_cert
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@13825 d0543943-73ff-0310-b7d9-9358b9ac24b2
2009-06-17 23:11:19 +00:00
Stefan Knoblich e1027f3967 More gentls_cert improvements: check for usable CA and improve confirmation prompt in create command
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7266 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-01-17 14:37:45 +00:00
Stefan Knoblich df5ea7f602 Add -out option to specify filename for new cert, some other minor improvements
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7265 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-01-17 10:14:54 +00:00
Stefan Knoblich 24248ae102 Add gentls_cert script to create a CA and certificate for mod_sofia TLS
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@7234 d0543943-73ff-0310-b7d9-9358b9ac24b2
2008-01-15 14:53:05 +00:00