[SR-Users] Kamailio + tls

Henning Westerholt hw at kamailio.org
Thu Apr 12 21:50:24 CEST 2018


On Thursday, 12 April 2018 12:10:47 CEST Do Quang Trung wrote:
> 1/ I built openssl-1.0.2n with engine supported.
> 2/ in file tls_domain.c i modified C code in function static int
> set_cipher_list(tls_domain_t* d)
>     cipher_list="GOST-GOST89MAC" and rebuild kamailio
> i config kamailio support tls with self-signed as in help url:
> https://www.kamailio.org/dokuwiki/doku.php/tls:create-certificates
> 3/ start kamailio and error as follow
>  0(15353) ERROR: tls [tls_domain.c:652]: set_cipher_list(): TLSs<default>:
> Failure to set SSL context cipher list "GOST-GOST89MAC"
>  0(15353) ERROR: <core> [core/sr_module.c:942]: init_mod_child(): error
> while initializing module tls (/usr/local/lib64/kamailio/modules/tls.so)
> (idx: 0 rank: -127 desc: [main])

Hello Do Quang,

I don't think you need to change the C code of kamailio to set a cipher list. 
Have a look to the cipher_list parameter in the README:

10.9. cipher_list (string)

   Sets the list of accepted ciphers. The list consists of cipher strings
   separated by colons. For more information on the cipher list format see
   the cipher(1) OpenSSL man page.

   The default value is not set (all the OpenSSL supported ciphers are
   enabled).

   Example 1.11. Set cipher_list parameter
...
modparam("tls", "cipher_list", "HIGH")
...

I would suggest that you tried to start kamailio with tls without a special 
cipher first. Then you could sort out the issues if there is a generic error 
related to the installation.

Then continue with trying to activate the cipher list. Check if the cipher is 
supported/build-in in openssl as well.

Best regards,

Henning



More information about the sr-users mailing list