Hello,

it should support all the ciphers from the library. Anyhow, you can force a list through module parameter:

http://kamailio.org/docs/modules/stable/modules/tls.html#cipher_list

Also, be sure you don't have many versions of the ssl lib installed, or if yes, then be sure you link against the right one. Cheers, Daniel

On 10/4/12 3:32 AM, AJ wrote:

Hi,

I have Kamailio 3.3.1 working fine with TLS 1.0, running on CentOS 6.3

However, now I want to use some ECDHE ciphersuites, for instance: ECDHE-ECDSA-AES128-SHA I have built an appropriate OpenSSL (1.0.0j) in CentOS to support this, and have generated the appropriate certs:

openssl ecparam -out ca-privkey.pem -name secp256r1 -genkey -outform pem openssl req -x509 -new -key ca-privkey.pem -out ca_cert.pem -outform PEM -days 3650 openssl ecparam -out privkey.pem -name secp256r1 -genkey -outform pem openssl req -new -nodes -key privkey.pem -outform pem -out cert_req.pem openssl ca -keyfile ca-privkey.pem -cert ca_cert.pem -in cert_req.pem -out cert.pem

However, when I try to connect from my phone I am always getting:

Oct 3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: tls [tls_server.c:1190]: TLS accept:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Oct 3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: <core> [tcp_read.c:1127]: ERROR: tcp_read_req: error reading If I use the OpenSSL s_server test-tool, I can connect from my phone just fine with these certs: openssl s_server -accept 8888 -cert cert.pem -key key.pem -pass stdin -CAfile calist.pem -cipher ECDHE-ECDSA-AES128-SHA

Does Kamailio support ECDHE ciphersuites? If so, what am I doing wrong?

Thanks! AJ

---

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users