You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently our SSL sock unit test is quite obsolete, since it involves tests to SSLv2, 3 and TLS 1.0, 1.1, which have been deprecated.
The choice of cipher tested is also outdated since AES-256-CBC is not supported in TLS 1.3 due to vulnerabilities such as BEAST, Lucky 13.
Steps to reproduce
N/A
PJSIP version
2.15.1
Context
N/A
Log, call stack, etc
N/A
Note
Perhaps completely removing TLS 1.0 & 1.1 (and unsafe ciphers) support is not a good idea for now as perhaps the adaptation of the deprecation is lagging (many still use them). It is just we need to consider to promote TLS 1.2 & 1.3 more (e.g: verify if we support them on all backends, avoid using TLS 1.1/older as the default, unit test involves TLS 1.2/1.3 & safe ciphers more).
The text was updated successfully, but these errors were encountered:
Describe the bug
Currently our SSL sock unit test is quite obsolete, since it involves tests to SSLv2, 3 and TLS 1.0, 1.1, which have been deprecated.
The choice of cipher tested is also outdated since
AES-256-CBCis not supported in TLS 1.3 due to vulnerabilities such as BEAST, Lucky 13.Steps to reproduce
N/A
PJSIP version
2.15.1
Context
N/A
Log, call stack, etc
Note
Perhaps completely removing TLS 1.0 & 1.1 (and unsafe ciphers) support is not a good idea for now as perhaps the adaptation of the deprecation is lagging (many still use them). It is just we need to consider to promote TLS 1.2 & 1.3 more (e.g: verify if we support them on all backends, avoid using TLS 1.1/older as the default, unit test involves TLS 1.2/1.3 & safe ciphers more).
The text was updated successfully, but these errors were encountered: