[SR-Users] Does Kamailio support ECDHE ciphers for TLS?

Daniel-Constantin Mierla miconda at gmail.com
Fri Oct 5 10:23:35 CEST 2012


Hello,

It should support all the ciphers from the library. Anyhow, you can
force a list through the module parameter:

http://kamailio.org/docs/modules/stable/modules/tls.html#cipher_list

Also, be sure you don't have many versions of the ssl lib installed, or
if yes, then be sure you link against the right one.

Cheers,
Daniel


On 10/4/12 3:32 AM, AJ wrote:
> Hi,
>
> I have Kamailio 3.3.1 working fine with TLS 1.0, running on CentOS 6.3
>
> However, now I want to use some ECDHE ciphersuites, for instance:  ECDHE-ECDSA-AES128-SHA
> I have built an appropriate OpenSSL (1.0.0j) in CentOS to support this, and have generated the appropriate certs:
>
> openssl ecparam -out ca-privkey.pem -name secp256r1 -genkey -outform pem
> openssl req -x509 -new -key ca-privkey.pem -out ca_cert.pem -outform PEM -days 3650
> openssl ecparam -out privkey.pem -name secp256r1 -genkey -outform pem
> openssl req -new -nodes -key privkey.pem -outform pem -out cert_req.pem
> openssl ca -keyfile ca-privkey.pem  -cert ca_cert.pem -in cert_req.pem -out cert.pem
>
>
> However, when I try to connect from my phone I am always getting:
>
> Oct  3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: tls [tls_server.c:1190]: TLS accept:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> Oct  3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: <core> [tcp_read.c:1127]: ERROR: tcp_read_req: error reading
>
> If I use the OpenSSL s_server test-tool, I can connect from my phone just fine with these certs:
> openssl s_server -accept 8888 -cert cert.pem -key key.pem -pass stdin -CAfile calist.pem -cipher ECDHE-ECDSA-AES128-SHA
>
> Does Kamailio support ECDHE ciphersuites?
> If so, what am I doing wrong?
>
> Thanks!
> AJ

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Kamailio Advanced Training, Berlin, Nov 5-8, 2012 - http://asipto.com/u/kat
Kamailio Advanced Training, Miami, USA, Nov 12-14, 2012 - http://asipto.com/u/katu
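
Added example, not part of the original thread and not Kamailio's own tooling: shell functions for the check suggested in the reply above, confirming which libssl/libcrypto the tls module resolves to and whether a given OpenSSL build offers the wanted cipher. TLS_SO, OPENSSL_PREFIX and the /usr/local/ssl default are assumptions, and the ldd output is constructed.

```bash
#!/usr/bin/env bash
# Added example. TLS_SO and OPENSSL_PREFIX are site-specific assumptions.

# Constructed ldd output for a tls.so that resolved to the distro's OpenSSL.
SAMPLE_LDD='    linux-vdso.so.1 =>  (0x00007fff5d3ff000)
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f1c2a3d1000)
    libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f1c29ff0000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f1c29c5c000)'

# Read ldd output on stdin; print what each libssl/libcrypto entry resolved to
# (the word "not" is printed for an unresolved "=> not found" entry).
linked_ssl_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $3 }'
}

# Read ldd output on stdin; succeed only if every libssl/libcrypto entry
# resolved to a file under prefix $1. No entries at all also fails.
linked_against_prefix() {
    prefix=${1%/}
    libs=$(linked_ssl_libs)
    [ -n "$libs" ] || return 1
    for lib in $libs; do
        case "$lib" in
            "$prefix"/*) ;;
            *) echo "mismatch: $lib is not under $prefix" >&2; return 1 ;;
        esac
    done
}

# Read an `openssl ciphers` list (colon-separated) on stdin; succeed if the
# cipher named in $1 is in it.
cipher_available() {
    tr ':' '\n' | grep -Fqx -- "$1"
}

# With TLS_SO set, inspect the real module; otherwise run on the sample.
if [ -n "${TLS_SO:-}" ]; then
    ldd "$TLS_SO" | linked_against_prefix "${OPENSSL_PREFIX:-/usr/local/ssl}" \
        && echo "tls.so links against the expected OpenSSL" || true
else
    printf '%s\n' "$SAMPLE_LDD" | linked_against_prefix /usr/local/ssl || true
fi
```

To test a particular build's cipher support, pipe the output of that build's own `openssl ciphers ALL` into `cipher_available ECDHE-ECDSA-AES128-SHA`.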



