New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add option to disable SSLv3 #220
Comments
SSLv3 (and SSLv2) are unconditionally disabled by default. You can see that in the code here: According to the changelog, SSLv2 was removed in 4.4.1.1, and SSLv3 in 4.5.0.3: |
Thanks for the reply.
Before I disabled TLSv1 and v1.1 coturn also reported loading of keys for those protocols. Therefore I assumed that it still supports SSL23 since it is reporting the keys being loaded. |
Indeed, that does seem confusing. I do not quite understand why it creates that context, though... |
Vote to get this confusion fixed: https://help.nextcloud.com/t/howto-setup-nextcloud-talk-with-turn-server/30794/41?u=michaing |
i vote too. |
As of today, openssl-1.1.1 and above have SSLv3 explicitly disabled (need to recompile openssl to enable it) |
By default coturn seems to support SSLv3, TLSv1, TLSv1.1, TLSv1.2.
There are options to disable the newer protocol versions ("--no-tlsv1", "--no-tlsv1_1", and "--no-tlsv1_2") but there does not seem to be an option to disable to old SSLv3 ("--no-ssl23" ?).
It would be nice to have than option to selectively disable support for SSLv3.
The text was updated successfully, but these errors were encountered: