Hello Brothers,
I've installed kamailio throw "apt install" on Debian and it's installed version: kamailio 5.6.3 (x86_64/linux).
Now I've a big problem that kamailio cannot running with TLSv1 and it has to be TLSv1.2+ as tls.cfg doc said: # We do not enable anything else than TLSv1.2+ # over the public internet. Clients do not have # to present client certificates by default.
How could I avoid this restriction please to enable TLSv1?
Thank you,
Kamailio can run TLS V1. It's insecure, but you can use:
Sets the TLS protocol method. Possible values are:
-
*TLSv1.3+* - TLSv1.3 or newer (TLSv1.3, ...) connections are accepted (available starting with openssl/libssl v1.1.1) -
*TLSv1.3* - only TLSv1.3 connections are accepted (available starting with openssl/libssl v1.1.1) -
*TLSv1.2+* - TLSv1.2 or newer (TLSv1.3, ...) connections are accepted (available starting with openssl/libssl v1.1.1) -
*TLSv1.2* - only TLSv1.2 connections are accepted (available starting with openssl/libssl v1.0.1e) -
*TLSv1.1+* - TLSv1.1 or newer (TLSv1.2, ...) connections are accepted (available starting with openssl/libssl v1.0.1) -
*TLSv1.1* - only TLSv1.1 connections are accepted (available starting with openssl/libssl v1.0.1) -
*TLSv1+* - TLSv1.0 or newer (TLSv1.1, TLSv1.2, ...) connections are accepted. -
*TLSv1* - only TLSv1 (TLSv1.0) connections are accepted. This is the default value. -
*SSLv3* - only SSLv3 connections are accepted. Note: you shouldn't use SSLv3 for anything which should be secure. -
*SSLv2* - only SSLv2 connections, for old clients. Note: you shouldn't use SSLv2 for anything which should be secure. Newer versions of OpenSSL libraries don't include support for it anymore. -
*SSLv23* - any of the SSLv2, SSLv3 and TLSv1 or newer methods will be accepted.
*Atenciosamente,* *Neimar Lima de Ávila | Desenvolvimento | **Virtual Sistemas Ltda / VSGroup.* Avenida Alvares Cabral, 1830 - Lourdes - CEP:30.170-001 - Bhte/MG Tel: (31)3245-6213 - Ramal 2016 | Cel: (31)98495-2402 www.virtualsistemas.com.br | *neimar.avila@vsgroup.com.br neimar.avila@vsgroup.com.br*
*Preserve o Meio Ambiente! Pense Antes de Imprimir* Os dados transmitidos nesta mensagem destinam-se exclusivamente a(s) pessoa(s) mencionada(s) e contém informações confidenciais, legalmente protegidas, para conhecimento exclusivo do(s) destinatário(s).O exame, retransmissão, divulgação, leitura, cópia ou outro uso desta correspondência, por pessoas, físicas ou jurídicas, que não o(s) destinatário(s), constituirá obtenção de dados por meio ilícito, configurando ofensa ao Art. 5°, inciso XII, da CF/88.
Em qua., 3 de abr. de 2024 às 11:31, Omar Atef via sr-users < sr-users@lists.kamailio.org> escreveu:
Hello Brothers,
I've installed kamailio throw "apt install" on Debian and it's installed version: kamailio 5.6.3 (x86_64/linux).
Now I've a big problem that kamailio cannot running with TLSv1 and it has to be TLSv1.2+ as tls.cfg doc said: # We do not enable anything else than TLSv1.2+ # over the public internet. Clients do not have # to present client certificates by default.
How could I avoid this restriction please to enable TLSv1?
Thank you, __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Well, I've tried all versions lower than "TLSv1.2" and it didn't work just Kamailio running fine without activating TLS.
Also I wonder if there's a way to bug TLS SIP messages throw Kamailio itself because as you know it doesn't appear in "sngrep".
Thanks,
SIPTRACE module and SNGREP for TLS Capture:
https://www.voztovoice.org/?q=node/3020
Spanish
--- I'm SoCIaL, MayBe
El 4/04/2024 a las 3:12 a. m., Omar Atef via sr-users escribió:
Well, I've tried all versions lower than "TLSv1.2" and it didn't work just Kamailio running fine without activating TLS.
Also I wonder if there's a way to bug TLS SIP messages throw Kamailio itself because as you know it doesn't appear in "sngrep".
Thanks, __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
Check how libssl3 is configured in /etc/ssl/openssl.cnf.
You may need:
[system_default_sect] MinProtocol = TLSv1.0 CipherString = ALL@SECLEVEL=0
From: https://serverfault.com/questions/1143995/tls-1-0-broken-with-newer-debian-o...
Regards
Richard
Didn't activate TLS v1 or didn't activate TLS at all? Do you have anything like the following in your configuration?
enable_tls = yes loadmodule "tls" modparam( "tls", "config", "/etc/kamailio/tls.cfg" )
On Thu, 4 Apr 2024 at 21:27, Omar Atef via sr-users < sr-users@lists.kamailio.org> wrote:
Well, I've tried all versions lower than "TLSv1.2" and it didn't work just Kamailio running fine without activating TLS.
Also I wonder if there's a way to bug TLS SIP messages throw Kamailio itself because as you know it doesn't appear in "sngrep".
Thanks, __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
-
David Cunningham -
Neimar Lima De Avila -
o.atef@fiberme.com -
Richard Chan -
Social Boh