From 4a7bceb4d68b64e189fe2f096fde98141b43eaba Mon Sep 17 00:00:00 2001
From: Brian West <brian@freeswitch.org>
Date: Thu, 6 Feb 2014 08:58:48 -0600
Subject: [PATCH] Update in-config docs

---
 conf/vanilla/sip_profiles/internal.xml |  5 ++++-
 conf/vanilla/vars.xml                  | 15 ++++++++++++---
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/conf/vanilla/sip_profiles/internal.xml b/conf/vanilla/sip_profiles/internal.xml
index d243c7bb29..eeebf05610 100644
--- a/conf/vanilla/sip_profiles/internal.xml
+++ b/conf/vanilla/sip_profiles/internal.xml
@@ -206,9 +206,12 @@
     <param name="tls-verify-depth" value="2"/>
     <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe -->
     <param name="tls-verify-in-subjects" value=""/>
-    <!-- TLS version ("sslv23" (default), "tlsv1"). NOTE: Phones may not work with TLSv1 -->
+    <!-- TLS version default: tlsv1,tlsv1.1,tlsv1.2 -->
     <param name="tls-version" value="$${sip_tls_version}"/>
 
+    <!-- TLS ciphers default: ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH  -->
+    <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
+
     <!-- turn on auto-flush during bridge (skip timer sleep when the socket already has data)
          (reduces delay on latent connections default true, must be disabled explicitly)-->
     <!--<param name="rtp-autoflush-during-bridge" value="false"/>-->
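Review bot: The new comments above `tls-version` and `tls-ciphers` state a "default" without saying that the effective values come from the `sip_tls_version` and `sip_tls_ciphers` variables set in conf/vanilla/vars.xml. A reader cannot tell whether the text describes a built-in fallback or the shipped setting, and the duplicated strings can drift from vars.xml. I would word them as `<!-- TLS versions to enable, comma separated; value is set by sip_tls_version in vars.xml -->` and `<!-- Cipher list in OpenSSL cipher-string syntax; value is set by sip_tls_ciphers in vars.xml -->`. The `tls-ciphers` comment also has a stray double space before `-->`.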
diff --git a/conf/vanilla/vars.xml b/conf/vanilla/vars.xml
index 8c8d0cf90c..5d3d22548b 100644
--- a/conf/vanilla/vars.xml
+++ b/conf/vanilla/vars.xml
@@ -270,10 +270,19 @@
   <X-PRE-PROCESS cmd="set" data="default_provider_contact=5000"/>
 
   <!--
-      SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
-  -->
-  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1"/>
+     SIP and TLS settings. http://wiki.freeswitch.org/wiki/Tls
+     
+     valid options: sslv2,sslv3,sslv23,tlsv1,tlsv1.1,tlsv1.2
 
+     default: tlsv1,tlsv1.1,tlsv1.2
+  -->
+  <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/>
+
+  <!--
+     TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
+  -->
+  <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
+  
   <!-- Internal SIP Profile -->
   <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true"/>
   <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/>
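Review bot: The cipher string set for `sip_tls_ciphers` starts from `ALL` and removes only `ADH`, which in OpenSSL cipher-string syntax still leaves anonymous ECDH suites selectable where the linked OpenSSL build provides them. Those suites perform no certificate authentication, so `!aNULL` is the safer exclusion because it covers every unauthenticated suite: `data="sip_tls_ciphers=ALL:!aNULL:!LOW:!EXP:!MD5:@STRENGTH"`. The comment above that line and the matching comment in internal.xml would need the same string. Separately, the "valid options" line lists `sslv2` and `sslv3` with no caveat; a remark such as `sslv2 and sslv3 are obsolete; enable only for legacy endpoints that cannot be upgraded` would keep readers from copying them into the value.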