Hi there,
I have set up a Kamailio 4.2.0 SIP server (centOS 7) for a
        university project regarding WebRTC comunication. While kamailio
        handles the signaling path I use the SIP.js demo phone js
        application (hosted on the same machine as kamaillio) for actual
        WebRTC stuff. 


For a deeper understanding and documetation purposes I
        have been trying to sniff the traffic with wireshark but failed
        due to the fact that kamailio uses Elliptic Curve Diffie
        Hellmann cipher suite (see wireshark snippet below) which is not
        decryptable.


Secure Sockets Layer


    TLSv1.2 Record Layer: Handshake Protocol: Server
        Hello


        Content Type: Handshake (22)


        Version: TLS 1.2 (0x0303)


        Length: 89


        Handshake Protocol: Server Hello


            Handshake Type: Server Hello (2)


            Length: 85


            Version: TLS 1.2 (0x0303)


            Random:
        b8916e4e0f7c712503a77afcf4c9228598092c166353be50...


            Session ID Length: 32


            Session ID:
        b0a31a6699a001b7991645dc61064ca4c4b073eff6913f26...


            Cipher Suite:
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)


            Compression Method: null (0)


            Extensions Length: 13


            Extension: renegotiation_info (len=1)


            Extension: ec_point_formats (len=4)
I already tried importing captured SSLKEYLOG pre master
        secret from chrome and private key file issued by letsencrypt
        without success.


On top of that I set this line 

      
    SSLCipherSuite
!DH:!ECDH:!EDH:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        

in /etc/httpd/conf.d/ssl.conf and compiled openssl with no-ec
        no-dh (which worked see below).
[admin@kamailio-sip ~]$ openssl ciphers

SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:SRP-3DES-EDE-CBC-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA

        [admin@kamailio-sip ~]$


Setting 

      
    modparam("tls", "cipher_list", "AESCCM") 

      
(or different ciphers) in /etc/kamailio/kamailio.cfg seems to
        have no effect on the actual negoiated cipher suite.

      
Am I missing something? Any help or pointers into the right
        direction will be much appreciated.


Best regards,
Ilyas Keskin