Hello,
can you see what are the supported cypher advertised by kamailio with
tls? Next link should provide some options to do it, searching on web
should reveal more:
-
https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-sui…
Cheers,
Daniel
On 05.01.18 16:40, Steve wrote:
Hello,
Thank you both for your responses to my query about TLS cipher suites
supported by Kamailio 4.3.4. When I used a self-signed certificate
generated from an RSA key, the server selected the
RSA-AES256-GCM-SHA384 cipher suite for the connection. When I used a
self-signed certificate generated from an EC key, the server selected
the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection. This
was confirmed using the OpenSSL /s_client/ command and with Wireshark.
In short, I am still unable to establish an ECDHE ephemeral key
exchange even though the OpenSSL version 1.0.2g on Lubuntu 16.4.3
supports it. So I must not have the correct configuration of the TLS
module for Kamailio 4.3.4 or else need to generate some other kind of
key/certificate. I'm using the Kamailio and TLS config files that
came with the package downloads, minimally modified to enable TLS and
specify the file location of the key and certificate. I googled
"ephemeral key exchange" and came across a posting on Stack Exchange
talking about commands such as /SSL_CTX_set_temp_ecdh_callback/ that
enable ephemeral key exchange. This command is not listed as a
configuration setting in the TLS module man-page so I assume it is a
coding command used within the module. In any case, I'd appreciate any
further suggestions.
Thanks,
Steve
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon>
Virus-free.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
www.twitter.com/miconda --
www.linkedin.com/in/miconda
Kamailio Advanced Training - March 5-7, 2018, Berlin -
www.asipto.com
Kamailio World Conference - May 14-16, 2018 -
www.kamailioworld.com