3 Apr
2024
3 Apr
'24
5:15 p.m.
Hello Brothers,
I've installed kamailio throw "apt install" on Debian and it's installed
version: kamailio 5.6.3 (x86_64/linux).
Now I've a big problem that kamailio cannot running with TLSv1 and it has to be
TLSv1.2+ as tls.cfg doc said:
# We do not enable anything else than TLSv1.2+
# over the public internet. Clients do not have
# to present client certificates by default.
How could I avoid this restriction please to enable TLSv1?
Thank you,
3 Apr
3 Apr
5:33 p.m.
Kamailio can run TLS V1.
It's insecure, but you can use:
Sets the TLS protocol method. Possible values are:
-
*TLSv1.3+* - TLSv1.3 or newer (TLSv1.3, ...) connections are accepted
(available starting with openssl/libssl v1.1.1)
-
*TLSv1.3* - only TLSv1.3 connections are accepted (available starting
with openssl/libssl v1.1.1)
-
*TLSv1.2+* - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted
(available starting with openssl/libssl v1.1.1)
-
*TLSv1.2* - only TLSv1.2 connections are accepted (available starting
with openssl/libssl v1.0.1e)
-
*TLSv1.1+* - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted
(available starting with openssl/libssl v1.0.1)
-
*TLSv1.1* - only TLSv1.1 connections are accepted (available starting
with openssl/libssl v1.0.1)
-
*TLSv1+* - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...) connections are
accepted.
-
*TLSv1* - only TLSv1 (TLSv1.0) connections are accepted. This is the
default value.
-
*SSLv3* - only SSLv3 connections are accepted. Note: you shouldn't use
SSLv3 for anything which should be secure.
-
*SSLv2* - only SSLv2 connections, for old clients. Note: you shouldn't
use SSLv2 for anything which should be secure. Newer versions of OpenSSL
libraries don't include support for it anymore.
-
*SSLv23* - any of the SSLv2, SSLv3 and TLSv1 or newer methods will be
accepted.
*Atenciosamente,*
*Neimar Lima de Ávila | Desenvolvimento | **Virtual Sistemas Ltda /
VSGroup.*
Avenida Alvares Cabral, 1830 - Lourdes - CEP:30.170-001 - Bhte/MG
Tel: (31)3245-6213 - Ramal 2016 | Cel: (31)98495-2402
www.virtualsistemas.com.br | *neimar.avila(a)vsgroup.com.br
<neimar.avila(a)vsgroup.com.br>*
*Preserve o Meio Ambiente! Pense Antes de Imprimir*
Os dados transmitidos nesta mensagem destinam-se exclusivamente a(s)
pessoa(s) mencionada(s) e contém informações confidenciais,
legalmente protegidas, para conhecimento exclusivo do(s) destinatário(s).O
exame, retransmissão, divulgação, leitura, cópia ou outro uso
desta correspondência, por pessoas, físicas ou jurídicas, que não o(s)
destinatário(s), constituirá obtenção de dados por meio ilícito,
configurando ofensa ao Art. 5°, inciso XII, da CF/88.
Em qua., 3 de abr. de 2024 às 11:31, Omar Atef via sr-users <
sr-users(a)lists.kamailio.org> escreveu:
Hello Brothers,
I've installed kamailio throw "apt install" on Debian and it's
installed
version: kamailio 5.6.3 (x86_64/linux).
Now I've a big problem that kamailio cannot running with TLSv1 and it has
to be TLSv1.2+ as tls.cfg doc said:
# We do not enable anything else than TLSv1.2+
# over the public internet. Clients do not have
# to present client certificates by default.
How could I avoid this restriction please to enable TLSv1?
Thank you,
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
4 Apr
4 Apr
11:12 a.m.
Well, I've tried all versions lower than "TLSv1.2" and it didn't work
just Kamailio running fine without activating TLS.
Also I wonder if there's a way to bug TLS SIP messages throw Kamailio itself because
as you know it doesn't appear in "sngrep".
Thanks,
1:46 p.m.
SIPTRACE module and SNGREP for TLS Capture:
https://www.voztovoice.org/?q=node/3020
Spanish
---
I'm SoCIaL, MayBe
El 4/04/2024 a las 3:12 a. m., Omar Atef via sr-users escribió:
Well, I've tried all versions lower than
"TLSv1.2" and it didn't work just Kamailio running fine without activating
TLS.
Also I wonder if there's a way to bug TLS SIP messages throw Kamailio itself because
as you know it doesn't appear in "sngrep".
Thanks,
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
5 Apr
5 Apr
6:47 a.m.
Check how libssl3 is configured in /etc/ssl/openssl.cnf.
You may need:
[system_default_sect]
MinProtocol = TLSv1.0
CipherString = ALL@SECLEVEL=0
From: https://serverfault.com/questions/1143995/tls-1-0-broken-with-newer-debian-…
Regards
Richard
15 Aug
15 Aug
5:08 a.m.
Didn't activate TLS v1 or didn't activate TLS at all? Do you have anything
like the following in your configuration?
enable_tls = yes
loadmodule "tls"
modparam( "tls", "config", "/etc/kamailio/tls.cfg"
)
On Thu, 4 Apr 2024 at 21:27, Omar Atef via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Well, I've tried all versions lower than
"TLSv1.2" and it didn't work just
Kamailio running fine without activating TLS.
Also I wonder if there's a way to bug TLS SIP messages throw Kamailio
itself because as you know it doesn't appear in "sngrep".
Thanks,
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
--
David Cunningham, Voisonics Limited
http://voisonics.com/
USA: +1 213 221 1092
New Zealand: +64 (0)28 2558 3782
85
days inactive
219
days old
5 comments
5 participants
participants (5)
-
David Cunningham -
Neimar Lima De Avila -
o.atef@fiberme.com -
Richard Chan -
Social Boh