[SR-Users] TLS1.2 ciphers

Hi gang, Trying to figure out why Kamailio won't negotiate specific TLS1.2 ciphers, such as for example TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 i.e. *ECDHE-RSA-AES256-GCM-SHA384* OpenSSL lists the cipher as supported, however Kamailio won't negotiate it: # nmap --script ssl-enum-ciphers -p 5061 mysbc.domain.com PORT STATE SERVICE 5061/tcp open sip-tls | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C | TLS_RSA_WITH_RC4_128_MD5 (rsa 2048) - C | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C | compressors: | NULL | cipher preference: server | warnings: | 64-bit block cipher 3DES vulnerable to SWEET32 attack | Broken cipher RC4 is deprecated by RFC 7465 | Ciphersuite uses MD5 for message integrity |_ least strength: C OS: - outdated Debian 8 Jessie - OpenSSL 1.0.1t 3 May 2016 - openssl ciphers -v | grep '*ECDHE-RSA-AES256-GCM-SHA384*' - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD # kamailio -V version: kamailio 5.5.6 (x86_64/linux) ad1244 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. compiled on 21:08:20 Apr 13 2023 with gcc 4.9.2 modparam("tls", "cipher_list", "ALL") method = TLSv1.2+ Elliptic Curve Diffie-Hellman (EDCH) <https://kamailio.org/docs/modules/devel/modules/tls.html#tls.compile>-Ciphers are only supported in OpenSSL 1.0.0e and later. Any suggestions? Thanks.