Description

I am connecting two kamailio instances (5.4.5) using TLS with client cert verification. When one side is OpenSSL 1.1.1 (CentOS 8) + P-256 cert and the other side is OpenSSL 1.0.2 (CentOS 7) + P-521 cert and cipher_list is set (e.g., DEFAULT), the ClientHello fails because the only supported curve sent is P-256 (the server has P-521).

Troubleshooting

  1. If cipher_list is not set at all in [client:default], then the ClientHello sends 4 supported EC groups and the handshake succeeds.
  2. If cipher_list is set in [client:default] (e.g. DEFAULT or ANY), then the ClientHello sends only 1 supported EC group, P-256 (I guess because the client is using a P-256 cert), and the handshake fails.

Reproduction

  1. Connect two kamailios, one on CentOS 8 sending SIP to one on CentOS 7, with TLS enabled and client cert verification. Put a P-256 cert on CentOS 8 and a P-521 cert on CentOS 7.

Debugging Data

  1. cipher_list is not set: TLS ClientHello Supported Groups is 4 groups: secp256r1 secp521r1 secp384r1 secp256k1
  2. cipher_list is set to DEFAULT: TLS ClientHello Supported Groups is 1 group: secp256r1.

Log Messages

ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

SIP Traffic

NA - couldn't complete TLS handshake so no SIP was transferred.

Possible Solutions

  1. Don't set cipher_list at all; the moment you set cipher_list to anything (ANY, DEFAULT, etc.), the ClientHello narrows the supported groups to P-256 and the server rejects it.

I have a thought: does setup_ecdh() in tls_domain.c behave differently on OpenSSL 1.1.1? Maybe it is forcing the handshake to send only the curve of the client.

Additional Information

  1. kamailio version is 5.4.5
  2. It must be OpenSSL 1.1.1 connecting to OpenSSL 1.0.2. BTW, in the reverse direction (P-521 on CentOS 7 connecting to P-256 on CentOS 8) this issue does not occur.


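As an added example (this is not the issue author's code, nor kamailio's or OpenSSL's): a small Python parser that pulls the supported_groups extension out of a raw TLS ClientHello, so the 4-group vs. 1-group difference described in the issue can be checked directly from a captured handshake payload. The ClientHello bytes are constructed inline for the two cases from the report; the group IDs and extension type number come from the IANA TLS Supported Groups registry (RFC 8422 / RFC 7919).

```python
"""Extract the supported_groups extension from a TLS ClientHello record.

Added example for the kamailio TLS issue above; the sample ClientHello
messages are constructed here, not captured from kamailio.
"""
import struct

# Named group IDs from the IANA TLS Supported Groups registry.
NAMED_GROUPS = {
    22: "secp256k1",
    23: "secp256r1",
    24: "secp384r1",
    25: "secp521r1",
    29: "x25519",
    30: "x448",
}
SUPPORTED_GROUPS_EXT = 10  # extension type "supported_groups" (RFC 8422)


def build_client_hello(group_ids):
    """Build a minimal TLS 1.2 ClientHello record offering the given groups (constructed sample)."""
    group_list = b"".join(struct.pack("!H", g) for g in group_ids)
    ext_body = struct.pack("!H", len(group_list)) + group_list
    extensions = struct.pack("!HH", SUPPORTED_GROUPS_EXT, len(ext_body)) + ext_body
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + b"\x00" * 32                           # random (constructed, all zero)
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\xc0\x2b"     # one suite: ECDHE-ECDSA-AES128-GCM-SHA256
        + b"\x01\x00"                            # compression_methods: null only
        + struct.pack("!H", len(extensions)) + extensions
    )
    # Handshake header: type 1 (client_hello) + 3-byte body length.
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: content type 22 (handshake), version, 2-byte length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_supported_groups(record):
    """Return the group names offered in a ClientHello record, in wire order."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    pos = 4                                  # skip handshake type + 3-byte length
    pos += 2 + 32                            # client_version + random
    sid_len = hs[pos]
    pos += 1 + sid_len                       # session_id
    cs_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2 + cs_len                        # cipher_suites
    cm_len = hs[pos]
    pos += 1 + cm_len                        # compression_methods
    if pos >= len(hs):
        return []                            # no extensions block at all
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        ext_type, body_len = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        body = hs[pos:pos + body_len]
        pos += body_len
        if ext_type == SUPPORTED_GROUPS_EXT:
            list_len = struct.unpack("!H", body[:2])[0]
            ids = struct.unpack("!%dH" % (list_len // 2), body[2:2 + list_len])
            return [NAMED_GROUPS.get(i, "unknown(%d)" % i) for i in ids]
    return []


def server_curve_offered(record, server_cert_curve):
    """True if the client's supported_groups list includes the curve of the server's ECDSA cert."""
    return server_cert_curve in parse_supported_groups(record)


if __name__ == "__main__":
    # The two ClientHellos from the report: cipher_list unset vs. cipher_list=DEFAULT.
    unset = build_client_hello([23, 25, 24, 22])
    default = build_client_hello([23])
    for label, hello in (("cipher_list unset", unset), ("cipher_list=DEFAULT", default)):
        print(label, parse_supported_groups(hello),
              "P-521 server cert usable:", server_curve_offered(hello, "secp521r1"))
```

To use it on a real capture, feed `parse_supported_groups` the TCP payload bytes of the first record the client sends after the connection is established. The `server_curve_offered` check mirrors the condition behind the "no shared cipher" error on the OpenSSL 1.0.2 side: OpenSSL only treats ECDHE-ECDSA suites as usable when the curve of the server's certificate appears in the client's supported_groups, so a list of only secp256r1 against a P-521 certificate leaves nothing to negotiate.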