Plz help me. I want config kamailio 5.1 support tls using gost89 cipher to protect data.
On Wednesday, 11 April 2018 13:49:35 CEST Do Quang Trung wrote:
Plz help me. I want config kamailio 5.1 support tls using gost89 cipher to protect data.
Hello,
could you share a bit more details:
- what have you already done - have you already tried to configure it - what is the exact issue that you are facing?
Best regards,
Henning
1/ I built openssl-1.0.2n with engine supported. 2/ in file tls_domain.c i modified C code in function static int set_cipher_list(tls_domain_t* d) cipher_list="GOST-GOST89MAC" and rebuild kamailio i config kamailio support tls with self-signed as in help url: https://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates 3/ start kamailio and error as follow 0(15353) ERROR: tls [tls_domain.c:652]: set_cipher_list(): TLSs<default>: Failure to set SSL context cipher list "GOST-GOST89MAC" 0(15353) ERROR: <core> [core/sr_module.c:942]: init_mod_child(): error while initializing module tls (/usr/local/lib64/kamailio/modules/tls.so) (idx: 0 rank: -127 desc: [main]) Plz help!
On Thu, Apr 12, 2018 at 1:18 PM, Henning Westerholt hw@kamailio.org wrote:
On Wednesday, 11 April 2018 13:49:35 CEST Do Quang Trung wrote:
Plz help me. I want config kamailio 5.1 support tls using gost89 cipher to protect
data.
Hello,
could you share a bit more details:
- what have you already done
- have you already tried to configure it
- what is the exact issue that you are facing?
Best regards,
Henning
On Thursday, 12 April 2018 12:10:47 CEST Do Quang Trung wrote:
1/ I built openssl-1.0.2n with engine supported. 2/ in file tls_domain.c i modified C code in function static int set_cipher_list(tls_domain_t* d) cipher_list="GOST-GOST89MAC" and rebuild kamailio i config kamailio support tls with self-signed as in help url: https://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates 3/ start kamailio and error as follow 0(15353) ERROR: tls [tls_domain.c:652]: set_cipher_list(): TLSs<default>: Failure to set SSL context cipher list "GOST-GOST89MAC" 0(15353) ERROR: <core> [core/sr_module.c:942]: init_mod_child(): error while initializing module tls (/usr/local/lib64/kamailio/modules/tls.so) (idx: 0 rank: -127 desc: [main])
Hello Do Quang,
I don't think you need to change the C code of kamailio to set a cipher list. Have a look to the cipher_list parameter in the README:
10.9. cipher_list (string)
Sets the list of accepted ciphers. The list consists of cipher strings separated by colons. For more information on the cipher list format see the cipher(1) OpenSSL man page.
The default value is not set (all the OpenSSL supported ciphers are enabled).
Example 1.11. Set cipher_list parameter ... modparam("tls", "cipher_list", "HIGH") ...
I would suggest that you tried to start kamailio with tls without a special cipher first. Then you could sort out the issues if there is a generic error related to the installation.
Then continue with trying to activate the cipher list. Check if the cipher is supported/build-in in openssl as well.
Best regards,
Henning
-
Do Quang Trung -
Henning Westerholt