On Wednesday 10 January 2024, marek via sr-users <sr-users(a)lists.kamailio.org> wrote:
> Hi,
> I'm trying to force the cipher list through options like
> modparam("tls", "cipher_list", "TLS_RSA_WITH_AES_256_CBC_SHA256")
> modparam("tls", "cipher_list", "RSA")

You are trying an RSA cipher.
...
> but
> ssldump -i enp2s0 port 5061 shows every time
> ServerHello
> Version 3.3
In TLS 1.2
> session_id[0]=
> cipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
But the negotiated cipher suggests that you have an ECC certificate.
In TLSv1.2 and older, the ciphers available are dependent on the certificate
type (RSA vs ECC).
In TLSv1.3 it's all different again and the certificate doesn't matter for
cipher negotiation.
Get an RSA (2048-bit) certificate instead of an ECC one from Let's Encrypt,
then you should be able to use those ciphers.
Lukas
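
Added example, not part of the original thread and not Kamailio code: a Python check, using the local OpenSSL build through the standard ssl module, of which TLS 1.2-and-older suites in a cipher string remain usable for a given certificate key type. The function names and the "RSA"/"ECC" labels are assumptions made for this sketch; the cipher string "RSA" and the negotiated suite are the ones from the messages above.

```python
import ssl

# OpenSSL's authentication label for a suite -> certificate key type the
# server needs in order to offer that suite in TLS 1.2 and older.
AUTH_TO_KEY = {"auth-rsa": "RSA", "auth-ecdsa": "ECC"}


def expand(cipher_list):
    """Return the suites the local OpenSSL build selects for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def usable_tls12(cipher_list, cert_key):
    """Names of TLS <= 1.2 suites in cipher_list that a server holding a
    certificate of type cert_key ("RSA" or "ECC") can actually negotiate."""
    names = []
    for suite in expand(cipher_list):
        if suite["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites do not depend on the certificate type
        if AUTH_TO_KEY.get(suite["auth"]) == cert_key:
            names.append(suite["name"])
    return names


def report(cipher_list):
    """Count usable TLS <= 1.2 suites per certificate type."""
    return {key: len(usable_tls12(cipher_list, key)) for key in ("RSA", "ECC")}


if __name__ == "__main__":
    # "RSA" is the value from the post; the second string is the OpenSSL
    # name of the suite seen in the ssldump output.
    for spec in ("RSA", "ECDHE-ECDSA-AES256-GCM-SHA384"):
        print(spec, report(spec))
```

A zero in the column for the certificate type actually installed means the configured cipher list leaves the server nothing to negotiate in TLS 1.2 with that certificate.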