Hello, Thank you both for your responses to my query about TLS cipher suites supported by Kamailio 4.3.4. When I used a self-signed certificate generated from an RSA key, the server selected the RSA-AES256-GCM-SHA384 cipher suite for the connection. When I used a self-signed certificate generated from an EC key, the server selected the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection. This was confirmed using the OpenSSL /s_client/ command and with Wireshark. In short, I am still unable to establish an ECDHE ephemeral key exchange even though the OpenSSL version 1.0.2g on Lubuntu 16.4.3 supports it. So I must not have the correct configuration of the TLS module for Kamailio 4.3.4 or else need to generate some other kind of key/certificate.  I'm using the Kamailio and TLS config files that came with the package downloads, minimally modified to enable TLS and specify the file location of the key and certificate. I googled "ephemeral key exchange" and came across a posting on Stack Exchange talking about commands such as /SSL_CTX_set_temp_ecdh_callback/ that enable ephemeral key exchange. This command is not listed as a configuration setting in the TLS module man-page so I assume it is a coding command used within the module. In any case, I'd appreciate any further suggestions. Thanks, Steve  <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> _______________________________________________ Kamailio (SER) - Users Mailing List sr-users(a)lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users