Hello,
Thank you both for your responses to my query about TLS cipher suites
supported by Kamailio 4.3.4. When I used a self-signed certificate
generated from an RSA key, the server selected the RSA-AES256-GCM-SHA384
cipher suite for the connection. When I used a self-signed certificate
generated from an EC key, the server selected the
ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection. This was
confirmed using the OpenSSL /s_client/ command and with Wireshark. In
short, I am still unable to establish an ECDHE ephemeral key exchange
even though the OpenSSL version 1.0.2g on Lubuntu 16.4.3 supports it. So
I must not have the correct configuration of the TLS module for Kamailio
4.3.4 or else need to generate some other kind of key/certificate. I'm
using the Kamailio and TLS config files that came with the package
downloads, minimally modified to enable TLS and specify the file
location of the key and certificate. I googled "ephemeral key exchange"
and came across a posting on Stack Exchange talking about commands such
as /SSL_CTX_set_temp_ecdh_callback/ that enable ephemeral key exchange.
This command is not listed as a configuration setting in the TLS module
man-page so I assume it is a coding command used within the module. In
any case, I'd appreciate any further suggestions.
Thanks,
Steve
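
Added example (not part of the original message): a shell function that reads saved `openssl s_client` output and reports whether the negotiated suite uses an ephemeral key exchange, covering the three cases the message describes. The sample lines are constructed, the function name `kx_class` and its class labels are assumptions of this example, and in OpenSSL's naming the RSA key-transport suite appears as `AES256-GCM-SHA384` with no key-exchange prefix.

```shell
#!/bin/sh
# Classify the key exchange shown in saved `openssl s_client` output (stdin).
# Prints: <class> <cipher> <temp key, or "no-temp-key">
kx_class() {
    out=$(cat)
    # Handshake summary line: "New, TLSv1/SSLv3, Cipher is <name>"
    cipher=$(printf '%s\n' "$out" |
        sed -n 's/^New, .*Cipher is \([^ ]*\).*/\1/p' | head -n 1)
    # "Server Temp Key" is printed only when the server sent an ephemeral key.
    tempkey=$(printf '%s\n' "$out" |
        sed -n 's/^Server Temp Key: *//p' | head -n 1 | tr -d ' ')
    case "$cipher" in
        ""|"(NONE)")               class=no-handshake ;;
        ECDHE-*|DHE-*|EDH-*)       class=ephemeral ;;         # forward secrecy
        ECDH-*|DH-*)               class=static-dh ;;         # fixed key from the certificate
        PSK-*|SRP-*|ADH-*|AECDH-*) class=other ;;             # not classified here
        *)                         class=rsa-key-transport ;; # no key-exchange prefix
    esac
    echo "$class $cipher ${tempkey:-no-temp-key}"
}

# Constructed sample output for the two observed cases and the wanted one.
sample_rsa='New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384'
sample_static='New, TLSv1/SSLv3, Cipher is ECDH-ECDSA-AES256-GCM-SHA384'
sample_ephemeral='Server Temp Key: ECDH, P-256, 256 bits
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384'

for s in "$sample_rsa" "$sample_static" "$sample_ephemeral"; do
    printf '%s\n' "$s" | kx_class
done
```

Against a live server, the text to pipe in is whatever `openssl s_client` printed for that connection.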