<!-- Kamailio Pull Request Template -->
<!-- IMPORTANT: - for detailed contributing guidelines, read: https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md - pull requests must be done to master branch, unless they are backports of fixes from master branch to a stable branch - backports to stable branches must be done with 'git cherry-pick -x ...' - code is contributed under BSD for core and main components (tm, sl, auth, tls) - code is contributed GPLv2 or a compatible license for the other components - GPL code is contributed with OpenSSL licensing exception -->
#### Pre-Submission Checklist <!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply --> <!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above--> <!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list --> - [x] Commit message has the format required by CONTRIBUTING guide - [x] Commits are split per component (core, individual modules, libs, utils, ...) - [x] Each component has a single commit (if not, squash them into one commit) - [x] No commits to README files for modules (changes must be done to docbook files in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change - [ ] Small bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds new functionality) - [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist: <!-- Go over all points below, and after creating the PR, tick the checkboxes that apply --> - [ ] PR should be backported to stable branches - [ ] Tested changes locally - [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description <!-- Describe your changes in detail -->
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/4256
-- Commit Summary --
* Using SSL_CTX_set_ciphersuites for TLS 1.3 and above when setting cipher list * tls: Update TLS1.3 ciphers to use SSL_CTX_ciphhersuites on openSSL lib >= 1.1.1 in set_cipher_list()
-- File Changes --
M src/modules/tls/tls_domain.c (26)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/4256.patch https://github.com/kamailio/kamailio/pull/4256.diff
nicchap left a comment (kamailio/kamailio#4256)
Need to call SSL_CTX_ciphersuites() instead of SSL_CTX_cipher_list() when setting TLS1.3 ciphers in the set_cipher_list function in the TLS module. This could also be applied to the wolfssl tls module. This applies to OpenSSL 1.1.1 and above.
@nicchap pushed 0 commits.
Closed #4256.
Reopened #4256.
@nicchap pushed 1 commit.
544a6665e9ceb930f3a50d256258830598d0c45c Removed extra return variable sslrtn in set_cipher_list() in favor of logging each SSL_CTX_cipher_() function call errors more accurately
henningw left a comment (kamailio/kamailio#4256)
@nicchap Thanks for the PR. Could you have a look to the three failed checks? After you fixed e.g. the format, you need to force-push, or (if you prefer that) to close it and create a new PR.
nicchap left a comment (kamailio/kamailio#4256)
I will as soon as I get back from my trip
Get Outlook for Androidhttps://aka.ms/AAb9ysg ________________________________ From: Henning Westerholt ***@***.***> Sent: Wednesday, June 18, 2025 3:35:59 PM To: kamailio/kamailio ***@***.***> Cc: Nicolas Chapleau ***@***.***>; Mention ***@***.***> Subject: Re: [kamailio/kamailio] tls: Setting OpenSSL TLS1.3 cipher lists (PR #4256)
[https://avatars.githubusercontent.com/u/6481937?s=20&v=4%5Dhenningw left a comment (kamailio/kamailio#4256)https://github.com/kamailio/kamailio/pull/4256#issuecomment-2983237071
@nicchaphttps://github.com/nicchap Thanks for the PR. Could you have a look to the three failed checks? After you fixed e.g. the format, you need to force-push, or (if you prefer that) to close it and create a new PR.
— Reply to this email directly, view it on GitHubhttps://github.com/kamailio/kamailio/pull/4256#issuecomment-2983237071, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAADVA4LGCUJFGXIYQZF3TD3EEQG7AVCNFSM6AAAAAB5ZJSYEGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSOBTGIZTOMBXGE. You are receiving this because you were mentioned.Message ID: ***@***.***>
-
Henning Westerholt -
Nicolas Chapleau