14 Apr
2023
14 Apr
'23
9:11 p.m.
Hello,
OS:
outdated Debian 8 Jessie
OpenSSL 1.0.1t 3 May 2016
openssl ciphers -v | grep 'ECDHE-RSA-AES256-GCM-SHA384'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
# kamailio -V
version: kamailio 5.5.6 (x86_64/linux) ad1244
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST,
DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
USE_DST_BLOCKLIST, HAVE_RESOLV_RES
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535,
DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
compiled on 21:08:20 Apr 13 2023 with gcc 4.9.2
modparam("tls", "cipher_list", "ALL")
method = TLSv1.2+
Elliptic Curve Diffie-Hellman (EDCH)-Ciphers are only supported in OpenSSL 1.0.0e and
later.
Any suggestions?
From the docs [1] "TLSv1.2+" seems to require openssl v1.1.1 at least.
Can you try "TLSv1.1+" or "TLSv1.2" instead?
Lukas
[1] https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.tls_method