New subject: BAD request

3 Oct 2012

Hi, 

I have Kamailio 3.3.1 working fine with TLS 1.0, running on CentOS 6.3 

However, now I want to use some ECDHE ciphersuites, for instance:
 ECDHE-ECDSA-AES128-SHA 
I have built an appropriate OpenSSL (1.0.0j) in CentOS to support this, and have generated
the appropriate certs: 

openssl ecparam -out ca-privkey.pem -name secp256r1 -genkey -outform pem 
openssl req -x509 -new -key ca-privkey.pem -out ca_cert.pem -outform PEM -days 3650 
openssl ecparam -out privkey.pem -name secp256r1 -genkey -outform pem 
openssl req -new -nodes -key privkey.pem -outform pem -out cert_req.pem 
openssl ca -keyfile ca-privkey.pem  -cert ca_cert.pem -in cert_req.pem -out cert.pem 


However, when I try to connect from my phone I am always getting: 

Oct  3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: tls [tls_server.c:1190]: TLS
accept:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Oct  3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: <core> [tcp_read.c:1127]: ERROR:
tcp_read_req: error reading 
If I use the OpenSSL s_server test-tool, I can connect from my phone just fine with these
certs: 
openssl s_server -accept 8888 -cert cert.pem -key key.pem -pass stdin -CAfile calist.pem
-cipher ECDHE-ECDSA-AES128-SHA 

Does Kamailio support ECDHE ciphersuites? 
If so, what am I doing wrong? 

Thanks! 
AJ

Does Kamailio support ECDHE ciphers for TLS?