Hello,
Please keep the list in CC.
Regarding opening a new TLS 1.3 connection, this should work, but I did not test it right now. If not, open an issue on our tracker.
Regarding the option to restrict to only TLSv1.3 connections - I have added support for configuring this to the git master version in commit 105600b3.
Maybe you can give it a try, the patch should probably apply to the 5.6.x branch.
Cheers,
Henning
From: Helio <hok.sh10@gmail.com>
Sent: Wednesday, August 17, 2022 2:52 PM
To: Henning Westerholt <hw@gilawa.com>
Subject: Re: [SR-Users] TLSv1.3 support
Regarding the full support, I would like to know if Kamailio can start a TLSv1.3 connection as a client. Another point is if we can restrict to accept only TLS v1.3 and not TLSv1.2 for instance.
Thanks, Helio
On Tue, Aug 16, 2022 at 11:45, Henning Westerholt <hw@gilawa.com> wrote:
Hello,
not sure about the question about “full support”, maybe you can add details.
Kamailio supports connection with TLSv1.3:
$ openssl s_client -connect kam04.tst.domain.net:5061 -tls1_3 2>&1 | tail -n 10
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Cheers,
Henning
From: sr-users <sr-users-bounces@lists.kamailio.org> On Behalf Of Helio
Sent: Monday, August 15, 2022 8:01 PM
To: sr-users@lists.kamailio.org
Subject: [SR-Users] TLSv1.3 support
Hello,
I noticed that Kamailio has the option TLSv1.2+. Does Kamailio support full TLSv1.3? Or does it have any restrictions?
BR,
For completeness – there is also another commit which is necessary: c73a4127dfab6. This is work in progress, but tests are always welcome.
From: Henning Westerholt
Sent: Wednesday, August 17, 2022 3:59 PM
To: Helio <hok.sh10@gmail.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org>
Subject: RE: [SR-Users] TLSv1.3 support
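A check for the restriction discussed in the thread (accept TLSv1.3, refuse TLSv1.2), as an added example that is not part of the original messages or of Kamailio: it runs the same `openssl s_client` probe once per version and classifies the result. The function names and the two sample outputs are constructed for illustration; `-tls1_2` and `-tls1_3` are standard s_client options.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify a server's TLS version
# policy from two version-pinned `openssl s_client` probes.

# Constructed sample: handshake summary as shown in the thread.
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Verify return code: 0 (ok)'

# Constructed sample: summary s_client prints when the handshake is refused.
SAMPLE_REFUSED='New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported'

# Read s_client output on stdin, print the negotiated protocol.
# No "New, ..." line at all (e.g. connection refused) counts as (NONE).
negotiated_proto() {
    awk -F', ' '/^New, / { print $2; found = 1; exit }
                END { if (!found) print "(NONE)" }'
}

# One handshake pinned to a single version.
# $1 = host:port, $2 = -tls1_2 or -tls1_3. stdin is closed so s_client exits.
probe() {
    openssl s_client -connect "$1" "$2" </dev/null 2>&1 | negotiated_proto
}

# $1 = result of the -tls1_2 probe, $2 = result of the -tls1_3 probe.
classify() {
    case "$1|$2" in
        "(NONE)|TLSv1.3")  echo "tls13-only" ;;
        "TLSv1.2|TLSv1.3") echo "tls12-and-tls13" ;;
        "TLSv1.2|(NONE)")  echo "no-tls13" ;;
        *)                 echo "unreachable-or-unexpected" ;;
    esac
}

# Usage: check_server host:port
check_server() {
    classify "$(probe "$1" -tls1_2)" "$(probe "$1" -tls1_3)"
}
```

Run it as `check_server kam04.tst.domain.net:5061` from a client whose own OpenSSL policy still permits TLSv1.2; otherwise the `-tls1_2` probe fails locally and is indistinguishable from a server-side refusal.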