[SR-Users] TLSv1.3 support
Henning Westerholt
hw at gilawa.com
Wed Aug 17 18:09:44 CEST 2022
For completeness – there is also another commit which is necessary: c73a4127dfab6
This is work in progress, but tests are always welcome.
From: Henning Westerholt
Sent: Wednesday, August 17, 2022 3:59 PM
To: Helio <hok.sh10 at gmail.com>
Cc: Kamailio (SER) - Users Mailing List <sr-users at lists.kamailio.org>
Subject: RE: [SR-Users] TLSv1.3 support
Hello,
Please keep the list in CC.
Regarding opening new TLS 1.3 connection, this should work, but did not tested it right now. If not, open an issue on our tracker.
Regarding the option to restrict to only TSLv1.3 connection - I have added support for configuring this to git master version in commit 105600b3.
Maybe you can give it a try, the patch should probably apply to 5.6.x branch.
Cheers,
Henning
From: Helio <hok.sh10 at gmail.com<mailto:hok.sh10 at gmail.com>>
Sent: Wednesday, August 17, 2022 2:52 PM
To: Henning Westerholt <hw at gilawa.com<mailto:hw at gilawa.com>>
Subject: Re: [SR-Users] TLSv1.3 support
Regarding the full support, I would like to know if Kamailio can start a TLSv1.3 connection as a client. Another point is if we can restrict to accept only TLS v1.3 and not TLSv1.2 for instance.
Thanks,
Helio
Em ter., 16 de ago. de 2022 às 11:45, Henning Westerholt <hw at gilawa.com<mailto:hw at gilawa.com>> escreveu:
Hello,
not sure about the question about “full support”, maybe you can add details.
Kamailio supports connection with TLSv1.3:
$ openssl s_client -connect kam04.tst.domain.net:5061<http://kam04.tst.domain.net:5061> -tls1_3 2>&1 | tail -n 10
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Cheers,
Henning
From: sr-users <sr-users-bounces at lists.kamailio.org<mailto:sr-users-bounces at lists.kamailio.org>> On Behalf Of Helio
Sent: Monday, August 15, 2022 8:01 PM
To: sr-users at lists.kamailio.org<mailto:sr-users at lists.kamailio.org>
Subject: [SR-Users] TLSv1.3 support
Hello,
I noticed that Kamailio has option TLSv1.2+. Does the Kamailio support full TLSv1.3? Or does it have any restrictions?
BR,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220817/ca01670a/attachment.htm>
More information about the sr-users
mailing list