Murmur server stuck in TLS 1.0 rather than 1.2

How to do...

Murmur server stuck in TLS 1.0 rather than 1.2

Postby zifnab » Tue May 30, 2017 12:43 pm

hi.
here is my (working) setup:
- server side: headless (armv7) arch linux murmur 1.2.19
- client side: up to date murmur 1.3 x64 snapshot (win10 pro x64)
when connected from the client to this server and looking at the server information box, it says TLS 1.0 and NO perfect forward secrecy...
when my client connect to third party yet older murmur servers, it says: TLS 1.2 with perfect forward secrecy.

what's wrong with my server. how can I change that?
- sslCiphers order in murmur.ini?
- reset the murmur server auto-generated certificate? (cannot find how to do that for the server in the wiki: I can only find for the client...)
- anything else?

thx for any help.
zifnab
 
Posts: 2
Joined: Fri May 19, 2017 10:49 pm

Re: Murmur server stuck in TLS 1.0 rather than 1.2

Postby mkrautz » Sun Jun 04, 2017 10:28 am

Hi,

The problem is that Mumble 1.2.x in Linux distros is built against a stock Qt 4.

Our official binaries (as well as some operating systems, such as OpenBSD) use a patch for Qt 4 that allows it to use TLS 1.2. No Linux distros have picked up this patch, to my knowledge.

But as I said, our official 1.2.x binaries all carry the ability to negotiate TLS 1.2.

If you can get a "mumble-git" or "mumble-snapshot" version for your distro, you should also be good to go, since this version is built against Qt 5, which supports TLS 1.2.

Unfortunately, we only provide our static Murmur Linux binaries for x86 at present, so I don't think that's much help for you, on ARM.
mkrautz
Team member
Team member
 
Posts: 200
Joined: Wed Sep 23, 2009 4:57 pm

Re: Murmur server stuck in TLS 1.0 rather than 1.2

Postby zifnab » Sun Jun 04, 2017 1:25 pm

ok, thx for your help.
so based on your answer, and out of this list: one of the following should do (I just checked which one mention qt5 instead of qt4 in their dependencies, and still mention armv7h in their pkgbuild file):
- murmur-git (it's 1.3.0, but git tags seem to be the reason why this gets mislabeled as 1.2.5)
- murmur-snapshot-minimal
- murmur-snapshot-ice
btw, those are all based on 1.3.0, hence the switch to qt5.
not sure if murmur-static would have work, but since it doesn't support armv7h this one is a dead end for my armv7h based setup.

I'll let you know how it goes once I switch (or I might wait for the official 1.3.0 release which doesn't look that far away(TM) ;)), but with what you told me, this should definitely do the trick.

thanks again.
zifnab
 
Posts: 2
Joined: Fri May 19, 2017 10:49 pm


Return to Usage

Who is online

Users browsing this forum: No registered users and 1 guest

cron