Hello,
There is an ssldump example on kamailio.org wiki to see the cipher suits. AFAIK it depends on your certificate/ca and how you create it. I see this with an test self-signed certificate that I did with one cipher only. And of course you client need support for it. Am 02.01.2018 5:16 nachm. schrieb "Steve" <[email protected]>: > I have a question about deploying TLSv1.2 with Kamailio 4.3.4-1 on a > Lubuntu 16.4.3 desktop environment. I changed the Kamailio default > *tls.cfg* file under the section [server:default] to “method=TLSv1.2” and > am using OpenSSL 1.0.2g from the Lubuntu repository. All the programs > were loaded through the Synaptic Package Manager. > > My question is whether this version of Kamailio supports the cipher suite > ECDHE-RSA-AES256-GCM-SHA384. My version of OpenSSL lists it as an option, > but the highest strength cipher that the Kamailio 4.3.4 server seems to > accept is RSA-AES256-GCM-SHA384. My (limited) understanding is that ECDHE > is a better method of key exchange than RSA because it is ephemeral with > forward secrecy. > > I used Wireshark to look at the connection protocols for sip clients Jitsi > and Blink with the Kamailio server. Jitsi offers only four cipher choices > of what I understand are considered compromised security TLS protocols and > it connected with the RSA-AES128-CBC-SHA cipher. Blink offers 65 cipher > choices, starting with ECDHE-RSA-AES256-GCM-SHA384. My Kamailio server > accepted the 29th offering on the list, RSA-AES256-GCM-SHA384. Unless I > am missing something, Kamailio 4.3.4 doesn’t seem to support ephemeral DH > key exchanges. Is there some other TLS configuration file or setting for > Kamailio that can be changed to allow this? > > > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon> > Virus-free. > www.avast.com > <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link> > <#m_5244919164888980266_DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > >
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
