Hello,
can you see what are the supported cypher advertised by kamailio with tls? Next link should provide some options to do it, searching on web should reveal more:
- https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suit...
Cheers, Daniel
On 05.01.18 16:40, Steve wrote:
Hello,
Thank you both for your responses to my query about TLS cipher suites supported by Kamailio 4.3.4. When I used a self-signed certificate generated from an RSA key, the server selected the RSA-AES256-GCM-SHA384 cipher suite for the connection. When I used a self-signed certificate generated from an EC key, the server selected the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection. This was confirmed using the OpenSSL /s_client/ command and with Wireshark. In short, I am still unable to establish an ECDHE ephemeral key exchange even though the OpenSSL version 1.0.2g on Lubuntu 16.4.3 supports it. So I must not have the correct configuration of the TLS module for Kamailio 4.3.4 or else need to generate some other kind of key/certificate. I'm using the Kamailio and TLS config files that came with the package downloads, minimally modified to enable TLS and specify the file location of the key and certificate. I googled "ephemeral key exchange" and came across a posting on Stack Exchange talking about commands such as /SSL_CTX_set_temp_ecdh_callback/ that enable ephemeral key exchange. This command is not listed as a configuration setting in the TLS module man-page so I assume it is a coding command used within the module. In any case, I'd appreciate any further suggestions.
Thanks,
Steve
https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon Virus-free. www.avast.com https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users