Hi, is there any way to configure the tls curve like secp384r1 in the config? I use actually version 4.2.4 On the other side i can't see any connection Information in the logs. I would like to see something like: "Connected with TLSv1.1 using cipher ECDHE-RSA-AES256-GCM-SHA384 and curve secp384r1" With this logs the variety of the offered ciphers can be shortened to the most secure and only needed by the clients.
Regard T.Tributh
Hello,
On 11/04/15 14:54, Tributh wrote:
Hi, is there any way to configure the tls curve like secp384r1 in the config? I use actually version 4.2.4 On the other side i can't see any connection Information in the logs. I would like to see something like: "Connected with TLSv1.1 using cipher ECDHE-RSA-AES256-GCM-SHA384 and curve secp384r1" With this logs the variety of the offered ciphers can be shortened to the most secure and only needed by the clients.
you can restrict the used ciphers via parameter in config or tls.cfg:
- http://kamailio.org/docs/modules/4.2.x/modules/tls.html#tls.p.cipher_list
Iirc, Carsten Bock added support for ECDH about one year ago, so it should be supported in 4.2.
Cheers, Daniel
-
Daniel-Constantin Mierla -
Tributh