<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Federico, Thank you<div class=""><br class=""></div><div class="">I added these lines to my config:</div><div class=""><br class=""></div><div class=""><div class="">#!ifdef WITH_TLS</div><div class=""># ----- tls params -----</div><div class="">modparam("tls","config","/usr/local/etc/kamailio/tls.cfg")</div><div class="">modparam("tls", "cipher_list", "HIGH")</div><div class="">modparam("tls", "tls_method", "TLSv1.2+")</div><div class="">#!endif</div></div><div class=""><br class=""></div><div class="">But it still doesn’t work.  </div><div class=""><br class=""></div><div class="">I ran this test, but it still says:</div><div class=""><br class=""></div><div class=""><table class="reportTable" style="border-collapse: collapse; width: 850px; margin: 0px 10px 0px 0px; padding: 0px; font-size: 12px; line-height: 20px; font-family: Arial, Helvetica, sans-serif; orphans: 2; widows: 2; background-color: rgb(253, 253, 253);"><thead class=""><tr class=""><td id="suitesHeading" class="tableHead" colspan="3" style="color: rgb(0, 157, 223); font-weight: bold; padding-bottom: 5px; vertical-align: middle; border-bottom: 2px solid rgb(198, 210, 212); font-size: 13px;">Cipher Suites</td></tr></thead><tbody id="suitesBody" class=""><tr class="tableSeparator"><td class="tableSubHead" colspan="3" style="color: rgb(0, 157, 223); font-weight: bold; padding-bottom: 5px; vertical-align: middle; padding-top: 15px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(198, 210, 212);"><span class="hideIcon" cipher="cipher1" id="hidecipher1" style="text-align: center; display: block; width: 14px; height: 14px; cursor: pointer; float: right;"><img src="https://www.ssllabs.com/images/collapse.png" width="14" height="14" style="border: none;" class=""></span><div class="reportSubHeading" style="float: left; width: 825px;"># TLS 1.0 (suites in server-preferred order)</div></td></tr></tbody><tbody class="cipher1Block"><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">TLS_RSA_WITH_AES_256_CBC_SHA (<code class="">0x35</code>)   <b class="">WEAK</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">256</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (<code class="">0x84</code>)   <b class="">WEAK</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">256</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">TLS_RSA_WITH_AES_128_CBC_SHA (<code class="">0x2f</code>)   <b class="">WEAK</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">128</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">TLS_RSA_WITH_SEED_CBC_SHA (<code class="">0x96</code>)   <b class="">WEAK</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">128</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (<code class="">0x41</code>)   <b class="">WEAK</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">128</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="red" class="">TLS_RSA_WITH_RC4_128_SHA (<code class="">0x5</code>)   <b class="">INSECURE</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="red" class="">128</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="red" class="">TLS_RSA_WITH_RC4_128_MD5 (<code class="">0x4</code>)   <b class="">INSECURE</b></font></td><td class="tableRight" style="width: 50px; text-align: right; padding: 3px 0px; border-bottom: 1px solid rgb(240, 240, 240); vertical-align: middle;"><font color="red" class="">128</font></td></tr><tr class="tableRow"><td class="tableLeft" style="padding: 3px 0px; border-bottom-width: 1px; border-bottom-style: solid; border-bottom-color: rgb(240, 240, 240); vertical-align: middle;"><font color="#F88017" class="">TLS_RSA_WITH_3DES_EDE_CBC_SHA (<code class="">0xa</code>)   <b class="">WEAK</b></font></td></tr></tbody></table><div class=""><br class=""></div><div class=""><br class=""></div>I don’t know how to get rid of the insecure ones. </div><div class=""><br class=""></div><div class="">Best Regards,</div><div class="">Arik<br class=""><div class=""><br class=""></div></div><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 10 Dec 2019, at 9:03, Federico Cabiddu <<a href="mailto:federico.cabiddu@gmail.com" class="">federico.cabiddu@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi,<div class="">for enabling a specific set of ciphers have a look at tls module's cipher_list param: <a href="http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list" class="">http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list</a>.</div><div class="">For supporting specific versions of TLS look at tls_method param: <a href="http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method" class="">http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method</a>.</div><div class=""><br class=""></div><div class="">Cheers,</div><div class=""><br class=""></div><div class="">Federico</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 10, 2019 at 7:30 AM Arik Halperin <<a href="mailto:arik.halperin@s3code.com" class="">arik.halperin@s3code.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;" class="">Hello,<div class=""><br class=""></div><div class="">How can I disable:</div><div class=""><br class=""></div><div class=""><font color="#F88017" class=""><br class=""></font><font color="red" class="">TLS_RSA_WITH_RC4_128_SHA (<code class="">0x5</code>)   <b class="">INSECURE</b></font><font color="red" class="">128</font></div><div class=""><font color="red" class=""><br class=""></font></div><div class=""><font color="red" class="">TLS_RSA_WITH_RC4_128_MD5 (<code class="">0x4</code>)   <b class="">INSECURE</b></font><font color="red" class="">128</font></div><div class=""><font color="#F88017" class=""><br class=""></font></div><div class="">What should I put in cypher_list in order to disable the above?</div><div class=""><br class=""></div><div class="">I would also like support TLS 1.2 and TLS 1.3, but remove support for 1.0 and 1.1</div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Arik Halperin</div></div>_______________________________________________<br class="">
Kamailio (SER) - Users Mailing List<br class="">
<a href="mailto:sr-users@lists.kamailio.org" target="_blank" class="">sr-users@lists.kamailio.org</a><br class="">
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank" class="">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br class="">
</blockquote></div>
_______________________________________________<br class="">Kamailio (SER) - Users Mailing List<br class=""><a href="mailto:sr-users@lists.kamailio.org" class="">sr-users@lists.kamailio.org</a><br class="">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users<br class=""></div></blockquote></div><br class=""></div></body></html>