TLS

Supports SSL v23 and TLS v1.

The default ciphersuite is export-restriction friendly. TODO: confirm with Rohan.

      AES256-SHA              SSLv3 Kx=RSA       Au=RSA  Enc=AES(256)  Mac=SHA1
      AES128-SHA              SSLv3 Kx=RSA       Au=RSA  Enc=AES(128)  Mac=SHA1
      DHE-DSS-AES256-SHA      SSLv3 Kx=DH        Au=DSS  Enc=AES(256)  Mac=SHA1
      DHE-DSS-AES128-SHA      SSLv3 Kx=DH        Au=DSS  Enc=AES(128)  Mac=SHA1
      DES-CBC3-SHA            SSLv3 Kx=RSA       Au=RSA  Enc=3DES(168) Mac=SHA1
      EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH        Au=DSS  Enc=3DES(168) Mac=SHA1

When validating a peer name, we can accept both subjectAltNames (preferred) and cnames (we can accept standard wildcards, TODO: need to confirm)

Domain names are compared using cname validation policy as specified in SSL and TLS: Designing and Building Secure Systems (Rescorla).

As a server, when you add the TLS transport, you give it a domain. There must be a domain cert and domain key in the security object for that domain. These can be stored in the file system or installed into the OS-specific cert management system.

You can set the passphrase on the security object using a callback.

If connect as a client, you will always validate the cert. If you provide a domain name, you'll require a cert from the peer.

When you connect with a TLS connection with a domain, mutual authentication is supported if the remote party asks for the cert.

repro TLS authentication

• see the page TLSAuthentication
  • for an example of mutual authentication, see the page ReproMutualTLSAuthenticationJitsi