[SR-Users] Kamailio + tls
Henning Westerholt
hw at kamailio.org
Thu Apr 12 21:50:24 CEST 2018
On Thursday, 12 April 2018 12:10:47 CEST Do Quang Trung wrote:
> 1/ I built openssl-1.0.2n with engine supported.
> 2/ in file tls_domain.c i modified C code in function static int
> set_cipher_list(tls_domain_t* d)
> cipher_list="GOST-GOST89MAC" and rebuild kamailio
> i config kamailio support tls with self-signed as in help url:
> https://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
> 3/ start kamailio and error as follow
> 0(15353) ERROR: tls [tls_domain.c:652]: set_cipher_list(): TLSs<default>:
> Failure to set SSL context cipher list "GOST-GOST89MAC"
> 0(15353) ERROR: <core> [core/sr_module.c:942]: init_mod_child(): error
> while initializing module tls (/usr/local/lib64/kamailio/modules/tls.so)
> (idx: 0 rank: -127 desc: [main])
Hello Do Quang,
I don't think you need to change the C code of kamailio to set a cipher list.
Have a look to the cipher_list parameter in the README:
10.9. cipher_list (string)
Sets the list of accepted ciphers. The list consists of cipher strings
separated by colons. For more information on the cipher list format see
the cipher(1) OpenSSL man page.
The default value is not set (all the OpenSSL supported ciphers are
enabled).
Example 1.11. Set cipher_list parameter
...
modparam("tls", "cipher_list", "HIGH")
...
I would suggest that you tried to start kamailio with tls without a special
cipher first. Then you could sort out the issues if there is a generic error
related to the installation.
Then continue with trying to activate the cipher list. Check if the cipher is
supported/build-in in openssl as well.
Best regards,
Henning
More information about the sr-users
mailing list