[SR-Users] TLS cipher suites
Karsten Horsmann
khorsmann at gmail.com
Wed Jan 3 09:46:21 CET 2018
Hello,
There is an ssldump example on kamailio.org wiki to see the cipher suits.
AFAIK it depends on your certificate/ca and how you create it.
I see this with an test self-signed certificate that I did with one cipher
only.
And of course you client need support for it.
Am 02.01.2018 5:16 nachm. schrieb "Steve" <smh2017 at zoho.com>:
> I have a question about deploying TLSv1.2 with Kamailio 4.3.4-1 on a
> Lubuntu 16.4.3 desktop environment. I changed the Kamailio default
> *tls.cfg* file under the section [server:default] to “method=TLSv1.2” and
> am using OpenSSL 1.0.2g from the Lubuntu repository. All the programs
> were loaded through the Synaptic Package Manager.
>
> My question is whether this version of Kamailio supports the cipher suite
> ECDHE-RSA-AES256-GCM-SHA384. My version of OpenSSL lists it as an option,
> but the highest strength cipher that the Kamailio 4.3.4 server seems to
> accept is RSA-AES256-GCM-SHA384. My (limited) understanding is that ECDHE
> is a better method of key exchange than RSA because it is ephemeral with
> forward secrecy.
>
> I used Wireshark to look at the connection protocols for sip clients Jitsi
> and Blink with the Kamailio server. Jitsi offers only four cipher choices
> of what I understand are considered compromised security TLS protocols and
> it connected with the RSA-AES128-CBC-SHA cipher. Blink offers 65 cipher
> choices, starting with ECDHE-RSA-AES256-GCM-SHA384. My Kamailio server
> accepted the 29th offering on the list, RSA-AES256-GCM-SHA384. Unless I
> am missing something, Kamailio 4.3.4 doesn’t seem to support ephemeral DH
> key exchanges. Is there some other TLS configuration file or setting for
> Kamailio that can be changed to allow this?
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> Virus-free.
> www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
> <#m_5244919164888980266_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180103/8744203e/attachment.html>
More information about the sr-users
mailing list