[h323plus] [Openh323gk-users] Config changes in the upcoming GnuGk 3.5

Simon Horne s.horne at spranto.com
Mon Dec 16 07:41:53 EST 2013


Just to add.

H.460.22 has been added to GnuGk to allow H.323 devices to negotiate when to
use TLS.

There has been a flurry of commits in h323plus CVS over the last few days to
support the security features for GnuGk 3.5.

GnuGk and H323plus now support TLS with H.460.22 negotiation and AES256
media encryption up to 8192bits (8k).
H.460.17 has also been updated to support TLS so Registration, Call
signaling and  tunneled media (H.460.26) can now be carried over a single
persistent TLS connection. 

The simple application in the samples directory in the h323plus CVS has been
update and can be used to test the new functionality.

Simon


-----Original Message-----
From: Jan Willamowius [mailto:jan at willamowius.de] 
Sent: 16 December 2013 22:13
To: openh323gk-users at lists.sourceforge.net
Subject: [Openh323gk-users] Config changes in the upcoming GnuGk 3.5

Hi,

usually I try hard to keep every new GnuGk version configuration compatible
with all previous versions, so you can simply drop in new versions. I'll try
to keep it that way, but version 3.5 will have a few changes that might
require a config update for a few people.

- The default for the call signal port will change from 1721 to 1720.
  If you already have the CallSignalPort= switch in your config, you
  are all set. If not, you should add it now.

- GnuGk 3.5 will have a very high standard for the TLS ciphers it
  accepts. Especially if you were signing your certs using a SHA1 hash,
  you should consider using certs with SHA256 now or downgrade GnuGk's
  security settings with the [TLS] CipherList= switch.

- If you are using GnuGk to add RTP encryption to your calls, the
  H235HalfCallMediaStrength= switch has been replaced with the
  H235HalfCallMaxTokenLength= switch so you can not only choose
  between AES128 and AES256, but also which DH token length you want.
  Depending on how H323Plus was compiled, GnuGk will now support up to
  8K DH keys according to the new version of H.235.6 that just being
  agreed on in the ITU.

As you might have guessed from this post version 3.5 is close, so if you
have any pending issues with GnuGk, let us know, so we can get them fixed
for 3.5.

Regards,
Jan

--
Jan Willamowius, Founder of the GNU Gatekeeper Project EMail  :
jan at willamowius.de
Website: http://www.gnugk.org
Support: http://www.willamowius.com/gnugk-support.html

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584

----------------------------------------------------------------------------
--
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________________

Posting: mailto:Openh323gk-users at lists.sourceforge.net
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/





More information about the h323plus mailing list