Hello,
OS:
outdated Debian 8 Jessie OpenSSL 1.0.1t 3 May 2016 openssl ciphers -v | grep 'ECDHE-RSA-AES256-GCM-SHA384' ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
# kamailio -V version: kamailio 5.5.6 (x86_64/linux) ad1244 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. compiled on 21:08:20 Apr 13 2023 with gcc 4.9.2
modparam("tls", "cipher_list", "ALL") method = TLSv1.2+
Elliptic Curve Diffie-Hellman (EDCH)-Ciphers are only supported in OpenSSL 1.0.0e and later.
Any suggestions?
From the docs [1] "TLSv1.2+" seems to require openssl v1.1.1 at least. Can you try "TLSv1.1+" or "TLSv1.2" instead?
Lukas
[1] https://kamailio.org/docs/modules/devel/modules/tls.html#tls.p.tls_method