Hello,

If you are using the standard tls module (not e.g. tlsa etc.) there should not be a need
to compile it differently.

Have you checked if maybe you have a conflicting setting in the main kamailio configuration
and the dedicated tls.cfg file?

Probably also worth checking which TLS library the “tls.so” module is linked
against, maybe you have multiple openssl libraries on that machine.

Cheers,
Henning

From: Sergiu Pojoga <pojogas(a)gmail.com>
Sent: Friday, 14 April 2023 21:56
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] Re: TLS1.2 ciphers

> modparam("tls", "renegotiation", 1)

Tried to no positive result. Still getting "SSL3_GET_CLIENT_HELLO:no shared
cipher" error and server doesn't list any ECDHE suite ciphers.

> From the docs [1] "TLSv1.2+" seems to require openssl v1.1.1 at least.

I don't see it that way. Nmap test shows TLSv1.2 is supported, but missing the
desired ECDHE cipher suite. Also, some less stringent clients in terms of ciphers do
connect fine over TLS1.2.

> Can you try "TLSv1.1+" or "TLSv1.2" instead?

Tried - didn't make a diff.

I guess the question here boils down to the following: if local OpenSSL lists the ciphers
as supported, why doesn't a locally compiled Kamailio support them? Is there a
way to compile Kamailio's TLS module differently to overcome this?

Thanks.

On Fri, Apr 14, 2023 at 2:34 PM Lukas Tribus <lukas@ltri.eu> wrote:

Hello,

> OS:
> outdated Debian 8 Jessie
> OpenSSL 1.0.1t 3 May 2016
> openssl ciphers -v | grep 'ECDHE-RSA-AES256-GCM-SHA384'
> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
> # kamailio -V
> version: kamailio 5.5.6 (x86_64/linux) ad1244
> flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST,
> DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY,
> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR,
> USE_DST_BLOCKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535,
> DEFAULT PKG_SIZE 8MB
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
> compiled on 21:08:20 Apr 13 2023 with gcc 4.9.2
> modparam("tls", "cipher_list", "ALL")
> method = TLSv1.2+
> Elliptic Curve Diffie-Hellman (ECDH)-Ciphers are only supported in OpenSSL 1.0.0e and
> later.
> Any suggestions?

From the docs [1] "TLSv1.2+" seems to require openssl v1.1.1 at least.
Can you try "TLSv1.1+" or "TLSv1.2" instead?

Lukas

[1] https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.tls_method
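
The linkage check suggested at the top of this thread (which OpenSSL does "tls.so" load, compared with the one the `openssl` command loads) can be scripted as below. This is an added example, not code from any poster or from the Kamailio project; the sample `ldd` output and its library paths are constructed, and `TLS_SO` is a placeholder for the site-specific module path.

```shell
#!/bin/sh
# Added example: does tls.so resolve the same OpenSSL as the `openssl` CLI?
# `openssl ciphers -v` only describes the library the CLI itself loads.

# Reduce `ldd` output on stdin to "soname resolved-path" for libssl/libcrypto.
linked_tls_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
             print $1, ($3 == "not" ? "NOT-FOUND" : $3) }' | sort -u
}

# $1 = ldd output for tls.so, $2 = ldd output for the openssl binary.
# Returns 0 = same libraries, 1 = different, 2 = module shows no libssl.
compare_tls_linkage() {
    mod=$(printf '%s\n' "$1" | linked_tls_libs)
    cli=$(printf '%s\n' "$2" | linked_tls_libs)
    if ! printf '%s\n' "$mod" | grep -q '^libssl'; then
        echo "UNKNOWN: no libssl dependency found for the module"; return 2
    fi
    if [ "$mod" = "$cli" ]; then
        echo "SAME: module and CLI load the same OpenSSL"; return 0
    fi
    echo "DIFFERENT: CLI cipher list does not describe what the module loads"
    echo "module:"; printf '%s\n' "$mod" | sed 's/^/  /'
    echo "cli:";    printf '%s\n' "$cli" | sed 's/^/  /'
    return 1
}

# Constructed sample inputs (not taken from the poster's machine).
sample_module_ldd() { cat <<'EOF'
    libssl.so.1.0.0 => /opt/example/lib/libssl.so.1.0.0 (0x00007f0000200000)
    libcrypto.so.1.0.0 => /opt/example/lib/libcrypto.so.1.0.0 (0x00007f0000600000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000a00000)
EOF
}
sample_cli_ldd() { cat <<'EOF'
    libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000200000)
    libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000600000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000a00000)
EOF
}

# Demo on the constructed samples. On a real host pass live output instead:
#   compare_tls_linkage "$(ldd "$TLS_SO")" "$(ldd "$(command -v openssl)")"
# where TLS_SO is the path of the installed tls.so (site-specific, assumed).
compare_tls_linkage "$(sample_module_ldd)" "$(sample_cli_ldd)" || true
```

A "DIFFERENT" result means the cipher list printed by the command-line tool says nothing about what the Kamailio module can negotiate.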