[SR-Users] Disabling weak SSL Cypher suites

Henning Westerholt hw at skalatan.de
Tue Dec 10 08:23:33 CET 2019


small addition - it is not possible to only specify TLS v1.3 at the moment (but work is planned here) - use TLSv1.2+ to get all version equal or larger TLS 1.2.


Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com<https://gilawa.com/>

From: sr-users <sr-users-bounces at lists.kamailio.org> On Behalf Of Arik Halperin
Sent: Tuesday, December 10, 2019 7:29 AM
To: sr-users at lists.kamailio.org
Cc: Tsur Arieli <tsur at telemessage.com>; Yossi Shteingart <yossi at telemessage.com>
Subject: [SR-Users] Disabling weak SSL Cypher suites


How can I disable:


TLS_RSA_WITH_RC4_128_MD5 (0x4)   INSECURE128

What should I put in cypher_list in order to disable the above?

I would also like support TLS 1.2 and TLS 1.3, but remove support for 1.0 and 1.1

Arik Halperin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191210/bcc0d101/attachment.html>

More information about the sr-users mailing list