[SR-Users] TLS cipher suites

Daniel-Constantin Mierla miconda at gmail.com
Tue Jan 9 13:32:41 CET 2018 

Hello,

can you see what are the supported cypher advertised by kamailio with
tls? Next link should provide some options to do it, searching on web
should reveal more:

  -
https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers

Cheers,
Daniel


On 05.01.18 16:40, Steve wrote:
>
> Hello,
>
> Thank you both for your responses to my query about TLS cipher suites
> supported by Kamailio 4.3.4. When I used a self-signed certificate
> generated from an RSA key, the server selected the
> RSA-AES256-GCM-SHA384 cipher suite for the connection. When I used a
> self-signed certificate generated from an EC key, the server selected
> the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection. This
> was confirmed using the OpenSSL /s_client/ command and with Wireshark.
> In short, I am still unable to establish an ECDHE ephemeral key
> exchange even though the OpenSSL version 1.0.2g on Lubuntu 16.4.3
> supports it. So I must not have the correct configuration of the TLS
> module for Kamailio 4.3.4 or else need to generate some other kind of
> key/certificate.  I'm using the Kamailio and TLS config files that
> came with the package downloads, minimally modified to enable TLS and
> specify the file location of the key and certificate. I googled
> "ephemeral key exchange" and came across a posting on Stack Exchange
> talking about commands such as /SSL_CTX_set_temp_ecdh_callback/ that
> enable ephemeral key exchange. This command is not listed as a
> configuration setting in the TLS module man-page so I assume it is a
> coding command used within the module. In any case, I'd appreciate any
> further suggestions.
>
> Thanks,
>
> Steve 
>
>
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon>
> 	Virus-free. www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
>
>
> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - March 5-7, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180109/557d629e/attachment.html>

More information about the sr-users mailing list