<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Federico, thanks<div class=""><br class=""></div><div class="">Did the changes in the file. It’s fixed.</div><div class=""><br class=""></div><div class="">Arik<br class=""><div><br class=""><blockquote type="cite" class=""><div class="">On 22 Dec 2019, at 19:28, Federico Cabiddu <<a href="mailto:federico.cabiddu@gmail.com" class="">federico.cabiddu@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">Hi Arik,<div class="">I think that the problem is that you are using a configuration file for tls.</div><div class="">In this case you have to specify there the parameters like ciphers, because the module's ones will be ignored: <a href="http://www.kamailio.org/docs/modules/5.3.x/modules/tls.html#tls.p.config" class="">http://www.kamailio.org/docs/modules/5.3.x/modules/tls.html#tls.p.config</a>.</div><div class=""><br class=""></div><div class="">Cheers,</div><div class=""><br class=""></div><div class="">Federico</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Dec 22, 2019 at 6:16 PM Arik Halperin <<a href="mailto:arik.halperin@s3code.com" class="">arik.halperin@s3code.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;" class="">Federico, Thank you<div class=""><br class=""></div><div class="">I added these lines to my config:</div><div class=""><br class=""></div><div class=""><div class="">#!ifdef WITH_TLS</div><div class=""># ----- tls params -----</div><div class="">modparam("tls","config","/usr/local/etc/kamailio/tls.cfg")</div><div class="">modparam("tls", "cipher_list", "HIGH")</div><div class="">modparam("tls", "tls_method", 
"TLSv1.2+")</div><div class="">#!endif</div></div><div class=""><br class=""></div><div class="">But it still doesn’t work.  </div><div class=""><br class=""></div><div class="">I ran this test, but it still says:</div><div class=""><br class=""></div><div class=""><table style="border-collapse:collapse;width:850px;margin:0px 10px 0px 0px;padding:0px;font-size:12px;line-height:20px;font-family:Arial,Helvetica,sans-serif;background-color:rgb(253,253,253)" class=""><thead class=""><tr class=""><td id="gmail-m_2815738791719816572suitesHeading" colspan="3" style="color:rgb(0,157,223);font-weight:bold;padding-bottom:5px;vertical-align:middle;border-bottom:2px solid rgb(198,210,212);font-size:13px" class="">Cipher Suites</td></tr></thead><tbody id="gmail-m_2815738791719816572suitesBody" class=""><tr class=""><td colspan="3" style="color:rgb(0,157,223);font-weight:bold;padding-bottom:5px;vertical-align:middle;padding-top:15px;border-bottom:1px solid rgb(198,210,212)" class=""><span id="gmail-m_2815738791719816572hidecipher1" style="text-align:center;display:block;width:14px;height:14px;float:right" class=""><img src="https://www.ssllabs.com/images/collapse.png" width="14" height="14" style="border: none;" class=""></span><div style="float:left;width:825px" class=""># TLS 1.0 (suites in server-preferred order)</div></td></tr></tbody><tbody class=""><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">TLS_RSA_WITH_AES_256_CBC_SHA (<code class="">0x35</code>)   <b class="">WEAK</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">256</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (<code class="">0x84</code>)   <b 
class="">WEAK</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">256</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">TLS_RSA_WITH_AES_128_CBC_SHA (<code class="">0x2f</code>)   <b class="">WEAK</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">128</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">TLS_RSA_WITH_SEED_CBC_SHA (<code class="">0x96</code>)   <b class="">WEAK</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">128</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (<code class="">0x41</code>)   <b class="">WEAK</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">128</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="red" class="">TLS_RSA_WITH_RC4_128_SHA (<code class="">0x5</code>)   <b class="">INSECURE</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="red" class="">128</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="red" 
class="">TLS_RSA_WITH_RC4_128_MD5 (<code class="">0x4</code>)   <b class="">INSECURE</b></font></td><td style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="red" class="">128</font></td></tr><tr class=""><td style="padding:3px 0px;border-bottom:1px solid rgb(240,240,240);vertical-align:middle" class=""><font color="#F88017" class="">TLS_RSA_WITH_3DES_EDE_CBC_SHA (<code class="">0xa</code>)   <b class="">WEAK</b></font></td></tr></tbody></table><div class=""><br class=""></div><div class=""><br class=""></div>I don’t know how to get rid of the insecure ones. </div><div class=""><br class=""></div><div class="">Best Regards,</div><div class="">Arik<br class=""><div class=""><br class=""></div></div><div class=""><div class=""><br class=""><blockquote type="cite" class=""><div class="">On 10 Dec 2019, at 9:03, Federico Cabiddu <<a href="mailto:federico.cabiddu@gmail.com" target="_blank" class="">federico.cabiddu@gmail.com</a>> wrote:</div><br class=""><div class=""><div dir="ltr" class="">Hi,<div class="">for enabling a specific set of ciphers have a look at tls module's cipher_list param: <a href="http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list" target="_blank" class="">http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list</a>.</div><div class="">For supporting specific versions of TLS look at tls_method param: <a href="http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method" target="_blank" class="">http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method</a>.</div><div class=""><br class=""></div><div class="">Cheers,</div><div class=""><br class=""></div><div class="">Federico</div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 10, 2019 at 7:30 AM Arik Halperin <<a href="mailto:arik.halperin@s3code.com" target="_blank" 
class="">arik.halperin@s3code.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="">Hello,<div class=""><br class=""></div><div class="">How can I disable:</div><div class=""><br class=""></div><div class=""><font color="#F88017" class=""><br class=""></font><font color="red" class="">TLS_RSA_WITH_RC4_128_SHA (<code class="">0x5</code>)   <b class="">INSECURE</b></font> <font color="red" class="">128</font></div><div class=""><font color="red" class=""><br class=""></font></div><div class=""><font color="red" class="">TLS_RSA_WITH_RC4_128_MD5 (<code class="">0x4</code>)   <b class="">INSECURE</b></font> <font color="red" class="">128</font></div><div class=""><font color="#F88017" class=""><br class=""></font></div><div class="">What should I put in cipher_list in order to disable the above?</div><div class=""><br class=""></div><div class="">I would also like to support TLS 1.2 and TLS 1.3, but remove support for 1.0 and 1.1.</div><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Arik Halperin</div></div>_______________________________________________<br class="">
Kamailio (SER) - Users Mailing List<br class="">
<a href="mailto:sr-users@lists.kamailio.org" target="_blank" class="">sr-users@lists.kamailio.org</a><br class="">
<a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank" class="">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br class="">
</blockquote></div>
</div></blockquote></div><br class=""></div></div>
</blockquote></div>
</div></blockquote></div><br class=""></div></body></html>