When a client connects to a server via SSL/TLS, the server commonly utilizes an
RSA key-pair. However, other such algorithms exist (i.e. DSA and ECDSA), and if
the server socket is configured with a certificate for either one of those, it
would lose its compatibility with RSA-only clients.
Now, the server socket can be configured with up to one RSA, ECDSA and DSA key
each. For example, if a client is not compatible with SHA-2 hashed certificates
like Nokia mobile phones, the server socket still can use RSA/SHA-1 for legacy
clients and ECDSA/SHA-2 for everyone else.
ASTERISK-24815 #close
Reported by: Alexander Traud
patches:
tls_rsa_ecc_dsa.patch uploaded by Alexander Traud (License 6520)
Change-Id: Iada5e00d326db5ef86e0af7069b4dfa1b979da9a
Configuration of DTLS in the general section will be applied to any users
or peers. If configuration exists at their level it overrides the general
section values.
ASTERISK-24128 #close
Reported by: Michael K.
patches:
dtls_default_settings.patch submitted by Michael K. (license 6621)
Review: https://reviewboard.asterisk.org/r/3867/
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@427950 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Users now have the ability to bind the rtpengine instance to a specific IP
address. For example, you want chan_sip (call control) on eth0 but rtp (media)
on eth1.
ASTERISK-24280 #close
Reported by: Paul Belanger
Tested by: Paul Belanger
Review: https://reviewboard.asterisk.org/r/3952/
Patches:
rtpengine.diff uploaded by Paul Belanger
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@422241 65c4cc65-6c06-0410-ace0-fbb531ad65f3
