Jump to content
Mumble forums

Murmur server stuck in TLS 1.0 rather than 1.2


zifnab
 Share

Recommended Posts

hi.

here is my (working) setup:

- server side: headless (armv7) arch linux murmur 1.2.19

- client side: up to date murmur 1.3 x64 snapshot (win10 pro x64)

when connected from the client to this server and looking at the server information box, it says TLS 1.0 and NO perfect forward secrecy...

when my client connect to third party yet older murmur servers, it says: TLS 1.2 with perfect forward secrecy.


what's wrong with my server. how can I change that?

- sslCiphers order in murmur.ini?

- reset the murmur server auto-generated certificate? (cannot find how to do that for the server in the wiki: I can only find for the client...)

- anything else?


thx for any help.

Link to comment
Share on other sites

  • Administrators

Hi,


The problem is that Mumble 1.2.x in Linux distros is built against a stock Qt 4.


Our official binaries (as well as some operating systems, such as OpenBSD) use a patch for Qt 4 that allows it to use TLS 1.2. No Linux distros have picked up this patch, to my knowledge.


But as I said, our official 1.2.x binaries all carry the ability to negotiate TLS 1.2.


If you can get a "mumble-git" or "mumble-snapshot" version for your distro, you should also be good to go, since this version is built against Qt 5, which supports TLS 1.2.


Unfortunately, we only provide our static Murmur Linux binaries for x86 at present, so I don't think that's much help for you, on ARM.

Link to comment
Share on other sites

ok, thx for your help.

so based on your answer, and out of this list: one of the following should do (I just checked which one mention qt5 instead of qt4 in their dependencies, and still mention armv7h in their pkgbuild file):

- murmur-git (it's 1.3.0, but git tags seem to be the reason why this gets mislabeled as 1.2.5)

- murmur-snapshot-minimal

- murmur-snapshot-ice

btw, those are all based on 1.3.0, hence the switch to qt5.

not sure if murmur-static would have work, but since it doesn't support armv7h this one is a dead end for my armv7h based setup.

I'll let you know how it goes once I switch (or I might wait for the official 1.3.0 release which doesn't look that far away ;)), but with what you told me, this should definitely do the trick.


thanks again.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...