<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hello All,</p>

    <p>Thank you for your responses. I've upgraded from Kamailio 4.3.4

      to Kamailio 5.1, which does support ECDHE ciphers. So you can

      close out this query about TLS cipher suites.  Thanks again. <br>

    </p>

    <br>

    <div class="moz-cite-prefix">On 1/9/2018 7:32 AM, Daniel-Constantin

      Mierla wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:753c2624-6750-594f-65ba-3f30aa6b6949@gmail.com">

      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

      <p>Hello,</p>

      <p>can you see what are the supported cypher advertised by

        kamailio with tls? Next link should provide some options to do

        it, searching on web should reveal more:</p>

      <p>  - <a class="moz-txt-link-freetext"

href="https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers"

          moz-do-not-send="true">https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers</a><br>

      </p>

      <p>Cheers,<br>

        Daniel<br>

      </p>

      <br>

      <div class="moz-cite-prefix">On 05.01.18 16:40, Steve wrote:<br>

      </div>

      <blockquote type="cite"

        cite="mid:21c8cd0c-0d80-efb1-52f4-d35c248f8728@zoho.com">

        <meta http-equiv="content-type" content="text/html;

          charset=utf-8">

        <p>Hello,</p>

        <p>Thank you both for your responses to my query about TLS

          cipher suites supported by Kamailio 4.3.4. When I used a

          self-signed certificate generated from an RSA key, the server

          selected the RSA-AES256-GCM-SHA384 cipher suite for the

          connection. When I used a self-signed certificate generated

          from an EC key, the server selected the

          ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection.

          This was confirmed using the OpenSSL <i>s_client</i> command

          and with Wireshark. In short, I am still unable to establish

          an ECDHE ephemeral key exchange even though the OpenSSL

          version 1.0.2g on Lubuntu 16.4.3 supports it. So I must not

          have the correct configuration of the TLS module for Kamailio

          4.3.4 or else need to generate some other kind of

          key/certificate.  I'm using the Kamailio and TLS config files

          that came with the package downloads, minimally modified to

          enable TLS and specify the file location of the key and

          certificate. I googled "ephemeral key exchange" and came

          across a posting on Stack Exchange talking about commands such

          as <i>SSL_CTX_set_temp_ecdh_callback</i> that enable

          ephemeral key exchange. This command is not listed as a

          configuration setting in the TLS module man-page so I assume

          it is a coding command used within the module. In any case,

          I'd appreciate any further suggestions.</p>

        <p>Thanks,</p>

        <p>Steve  <br>

        </p>

        <div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br>

          <table style="border-top: 1px solid #D3D4DE;">

            <tbody>

              <tr>

                <td style="width: 55px; padding-top: 13px;"><a

href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon"

                    target="_blank" moz-do-not-send="true"><img

src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif"

                      alt="" style="width: 46px; height: 29px;"

                      moz-do-not-send="true" height="29" width="46"></a></td>

                <td style="width: 470px; padding-top: 12px; color:

                  #41424e; font-size: 13px; font-family: Arial,

                  Helvetica, sans-serif; line-height: 18px;">Virus-free.

                  <a

href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link"

                    target="_blank" style="color: #4453ea;"

                    moz-do-not-send="true">www.avast.com</a> </td>

              </tr>

            </tbody>

          </table>

          <a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1"

            height="1" moz-do-not-send="true"> </a></div>

        <br>

        <fieldset class="mimeAttachmentHeader"></fieldset>

        <br>

        <pre wrap="">_______________________________________________

Kamailio (SER) - Users Mailing List

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org" moz-do-not-send="true">sr-users@lists.kamailio.org</a>

<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

      </blockquote>

      <br>

      <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" moz-do-not-send="true">www.linkedin.com/in/miconda</a>

Kamailio Advanced Training - March 5-7, 2018, Berlin - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com" moz-do-not-send="true">www.asipto.com</a>

Kamailio World Conference - May 14-16, 2018 - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com" moz-do-not-send="true">www.kamailioworld.com</a></pre>

    </blockquote>

    <br>

  </body>

</html>