Just to add. H.460.22 has been added to GnuGk to allow H.323 devices to negotiate when to use TLS. There has been a flurry of commits in h323plus CVS over the last few days to support the security features for GnuGk 3.5. GnuGk and H323plus now support TLS with H.460.22 negotiation and AES256 media encryption up to 8192bits (8k). H.460.17 has also been updated to support TLS so Registration, Call signaling and tunneled media (H.460.26) can now be carried over a single persistent TLS connection. The simple application in the samples directory in the h323plus CVS has been update and can be used to test the new functionality. Simon -----Original Message----- From: Jan Willamowius [mailto:jan@willamowius.de] Sent: 16 December 2013 22:13 To: openh323gk-users@lists.sourceforge.net Subject: [Openh323gk-users] Config changes in the upcoming GnuGk 3.5 Hi, usually I try hard to keep every new GnuGk version configuration compatible with all previous versions, so you can simply drop in new versions. I'll try to keep it that way, but version 3.5 will have a few changes that might require a config update for a few people. - The default for the call signal port will change from 1721 to 1720. If you already have the CallSignalPort= switch in your config, you are all set. If not, you should add it now. - GnuGk 3.5 will have a very high standard for the TLS ciphers it accepts. Especially if you were signing your certs using a SHA1 hash, you should consider using certs with SHA256 now or downgrade GnuGk's security settings with the [TLS] CipherList= switch. - If you are using GnuGk to add RTP encryption to your calls, the H235HalfCallMediaStrength= switch has been replaced with the H235HalfCallMaxTokenLength= switch so you can not only choose between AES128 and AES256, but also which DH token length you want. Depending on how H323Plus was compiled, GnuGk will now support up to 8K DH keys according to the new version of H.235.6 that just being agreed on in the ITU. As you might have guessed from this post version 3.5 is close, so if you have any pending issues with GnuGk, let us know, so we can get them fixed for 3.5. Regards, Jan -- Jan Willamowius, Founder of the GNU Gatekeeper Project EMail : jan@willamowius.de Website: http://www.gnugk.org Support: http://www.willamowius.com/gnugk-support.html Relaxed Communications GmbH Frahmredder 91 22393 Hamburg Geschäftsführer: Jan Willamowius HRB 125261 (Amtsgericht Hamburg) USt-IdNr: DE286003584 ---------------------------------------------------------------------------- -- Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk _______________________________________________________ Posting: mailto:Openh323gk-users@lists.sourceforge.net Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users Homepage: http://www.gnugk.org/