 |
Virus-free. www.avast.com |
Hello,
Thank you both for your responses to my query about TLS cipher suites supported by Kamailio 4.3.4. When I used a self-signed certificate generated from an RSA key, the server selected the RSA-AES256-GCM-SHA384 cipher suite for the connection. When I used a self-signed certificate generated from an EC key, the server selected the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection. This was confirmed using the OpenSSL s_client command and with Wireshark. In short, I am still unable to establish an ECDHE ephemeral key exchange even though the OpenSSL version 1.0.2g on Lubuntu 16.4.3 supports it. So I must not have the correct configuration of the TLS module for Kamailio 4.3.4 or else need to generate some other kind of key/certificate. I'm using the Kamailio and TLS config files that came with the package downloads, minimally modified to enable TLS and specify the file location of the key and certificate. I googled "ephemeral key exchange" and came across a posting on Stack Exchange talking about commands such as SSL_CTX_set_temp_ecdh_callback that enable ephemeral key exchange. This command is not listed as a configuration setting in the TLS module man-page so I assume it is a coding command used within the module. In any case, I'd appreciate any further suggestions.
Thanks,
Steve