[SR-Users] TLS cipher suites

Steve smh2017 at zoho.com
Wed Jan 10 22:06:15 CET 2018


Hello All,

Thank you for your responses. I've upgraded from Kamailio 4.3.4 to
Kamailio 5.1, which does support ECDHE ciphers. So you can close out
this query about TLS cipher suites.  Thanks again.


On 1/9/2018 7:32 AM, Daniel-Constantin Mierla wrote:
>
> Hello,
>
> can you see what are the supported cypher advertised by kamailio with
> tls? Next link should provide some options to do it, searching on web
> should reveal more:
>
>   -
> https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers
>
> Cheers,
> Daniel
>
>
> On 05.01.18 16:40, Steve wrote:
>>
>> Hello,
>>
>> Thank you both for your responses to my query about TLS cipher suites
>> supported by Kamailio 4.3.4. When I used a self-signed certificate
>> generated from an RSA key, the server selected the
>> RSA-AES256-GCM-SHA384 cipher suite for the connection. When I used a
>> self-signed certificate generated from an EC key, the server selected
>> the ECDH-ECDSA-AES256-GCM-SHA384 cipher suite for the connection.
>> This was confirmed using the OpenSSL /s_client/ command and with
>> Wireshark. In short, I am still unable to establish an ECDHE
>> ephemeral key exchange even though the OpenSSL version 1.0.2g on
>> Lubuntu 16.4.3 supports it. So I must not have the correct
>> configuration of the TLS module for Kamailio 4.3.4 or else need to
>> generate some other kind of key/certificate.  I'm using the Kamailio
>> and TLS config files that came with the package downloads, minimally
>> modified to enable TLS and specify the file location of the key and
>> certificate. I googled "ephemeral key exchange" and came across a
>> posting on Stack Exchange talking about commands such as
>> /SSL_CTX_set_temp_ecdh_callback/ that enable ephemeral key exchange.
>> This command is not listed as a configuration setting in the TLS
>> module man-page so I assume it is a coding command used within the
>> module. In any case, I'd appreciate any further suggestions.
>>
>> Thanks,
>>
>> Steve 
>>
>>
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon>
>> 	Virus-free. www.avast.com
>> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link>
>>
>>
>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> -- 
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - March 5-7, 2018, Berlin - www.asipto.com
> Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20180110/6ded810d/attachment.html>


More information about the sr-users mailing list