Official Mumble VoIP Forums

Murmur server stuck in TLS 1.0 rather than 1.2

How to do...
hi.
here is my (working) setup:
- server side: headless (armv7) arch linux murmur 1.2.19
- client side: up to date murmur 1.3 x64 snapshot (win10 pro x64)
when connected from the client to this server and looking at the server information box, it says TLS 1.0 and NO perfect forward secrecy...
when my client connect to third party yet older murmur servers, it says: TLS 1.2 with perfect forward secrecy.

what's wrong with my server. how can I change that?
- sslCiphers order in murmur.ini?
- reset the murmur server auto-generated certificate? (cannot find how to do that for the server in the wiki: I can only find for the client...)
- anything else?

thx for any help.
Hi,

The problem is that Mumble 1.2.x in Linux distros is built against a stock Qt 4.

Our official binaries (as well as some operating systems, such as OpenBSD) use a patch for Qt 4 that allows it to use TLS 1.2. No Linux distros have picked up this patch, to my knowledge.

But as I said, our official 1.2.x binaries all carry the ability to negotiate TLS 1.2.

If you can get a "mumble-git" or "mumble-snapshot" version for your distro, you should also be good to go, since this version is built against Qt 5, which supports TLS 1.2.

Unfortunately, we only provide our static Murmur Linux binaries for x86 at present, so I don't think that's much help for you, on ARM.
ok, thx for your help.
so based on your answer, and out of this list: one of the following should do (I just checked which one mention qt5 instead of qt4 in their dependencies, and still mention armv7h in their pkgbuild file):
- murmur-git (it's 1.3.0, but git tags seem to be the reason why this gets mislabeled as 1.2.5)
- murmur-snapshot-minimal
- murmur-snapshot-ice
btw, those are all based on 1.3.0, hence the switch to qt5.
not sure if murmur-static would have work, but since it doesn't support armv7h this one is a dead end for my armv7h based setup.

I'll let you know how it goes once I switch (or I might wait for the official 1.3.0 release which doesn't look that far away(TM) ;)), but with what you told me, this should definitely do the trick.

thanks again.