
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hello,</p>

    <p>can you see what are the supported cypher advertised by kamailio

      with tls? Next link should provide some options to do it,

      searching on web should reveal more:</p>

    <p>  -

<a class="moz-txt-link-freetext" href="https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers">https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers</a><br>

    </p>

    <p>Cheers,<br>

      Daniel<br>

    </p>

    <br>

    <div class="moz-cite-prefix">On 05.01.18 16:40, Steve wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:21c8cd0c-0d80-efb1-52f4-d35c248f8728@zoho.com">

      <meta http-equiv="content-type" content="text/html; charset=utf-8">

      <p>Hello,</p>

      <p>Thank you both for your responses to my query about TLS cipher

        suites supported by Kamailio 4.3.4. When I used a self-signed

        certificate generated from an RSA key, the server selected the

        RSA-AES256-GCM-SHA384 cipher suite for the connection. When I

        used a self-signed certificate generated from an EC key, the

        server selected the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite

        for the connection. This was confirmed using the OpenSSL <i>s_client</i>

        command and with Wireshark. In short, I am still unable to

        establish an ECDHE ephemeral key exchange even though the

        OpenSSL version 1.0.2g on Lubuntu 16.4.3 supports it. So I must

        not have the correct configuration of the TLS module for

        Kamailio 4.3.4 or else need to generate some other kind of

        key/certificate.  I'm using the Kamailio and TLS config files

        that came with the package downloads, minimally modified to

        enable TLS and specify the file location of the key and

        certificate. I googled "ephemeral key exchange" and came across

        a posting on Stack Exchange talking about commands such as <i>SSL_CTX_set_temp_ecdh_callback</i>

        that enable ephemeral key exchange. This command is not listed

        as a configuration setting in the TLS module man-page so I

        assume it is a coding command used within the module. In any

        case, I'd appreciate any further suggestions.</p>

      <p>Thanks,</p>

      <p>Steve  <br>

      </p>

      <div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>

        <table style="border-top: 1px solid #D3D4DE;">

          <tbody>

            <tr>

              <td style="width: 55px; padding-top: 13px;"><a

href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon"

                  target="_blank" moz-do-not-send="true"><img

src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif"

                    alt="" style="width: 46px; height: 29px;"

                    moz-do-not-send="true" width="46" height="29"></a></td>

              <td style="width: 470px; padding-top: 12px; color:

                #41424e; font-size: 13px; font-family: Arial, Helvetica,

                sans-serif; line-height: 18px;">Virus-free. <a

href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link"

                  target="_blank" style="color: #4453ea;"

                  moz-do-not-send="true">www.avast.com</a> </td>

            </tr>

          </tbody>

        </table>

        <a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1"

          height="1" moz-do-not-send="true"> </a></div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

Kamailio (SER) - Users Mailing List

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>

<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>

Kamailio Advanced Training - March 5-7, 2018, Berlin - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>

Kamailio World Conference - May 14-16, 2018 - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>

  </body>

</html>