Hi,

it also depends on the version of OpenSSL Kamailio was compiled against....
I can confirm that Kamailio supports Elliptic Curve Diffie Hellman (ECDHE), as I added support for it... ;-)

Thanks,
Carsten

2018-01-03 9:46 GMT+01:00 Karsten Horsmann <[email protected]>:
> Hello,
>
> There is an ssldump example on the kamailio.org wiki to see the cipher suites.
>
> AFAIK it depends on your certificate/CA and how you create it.
>
> I see this with a test self-signed certificate that I did with one cipher
> only.
>
> And of course your client needs support for it.
>
> On 02.01.2018 at 5:16 PM, "Steve" <[email protected]> wrote:
>
>> I have a question about deploying TLSv1.2 with Kamailio 4.3.4-1 on a
>> Lubuntu 16.4.3 desktop environment. I changed the Kamailio default
>> *tls.cfg* file under the section [server:default] to “method=TLSv1.2”
>> and am using OpenSSL 1.0.2g from the Lubuntu repository. All the
>> programs were loaded through the Synaptic Package Manager.
>>
>> My question is whether this version of Kamailio supports the cipher suite
>> ECDHE-RSA-AES256-GCM-SHA384. My version of OpenSSL lists it as an option,
>> but the highest strength cipher that the Kamailio 4.3.4 server seems to
>> accept is RSA-AES256-GCM-SHA384. My (limited) understanding is that ECDHE
>> is a better method of key exchange than RSA because it is ephemeral with
>> forward secrecy.
>>
>> I used Wireshark to look at the connection protocols for SIP clients
>> Jitsi and Blink with the Kamailio server. Jitsi offers only four cipher
>> choices of what I understand are considered compromised security TLS
>> protocols and it connected with the RSA-AES128-CBC-SHA cipher. Blink offers
>> 65 cipher choices, starting with ECDHE-RSA-AES256-GCM-SHA384. My Kamailio
>> server accepted the 29th offering on the list, RSA-AES256-GCM-SHA384.
>> Unless I am missing something, Kamailio 4.3.4 doesn’t seem to support
>> ephemeral DH key exchanges. Is there some other TLS configuration file or
>> setting for Kamailio that can be changed to allow this?

--
Carsten Bock
CEO (Managing Director)

ng-voice GmbH
Millerntorplatz 1
20359 Hamburg / Germany

http://www.ng-voice.com
mailto:[email protected]

Office +49 40 5247593-40
Fax +49 40 5247593-99

Registered office: Hamburg
Court of registration: Amtsgericht Hamburg, HRB 120189
Managing Director: Carsten Bock
VAT ID: DE279344284

Our statutory company disclosures can be found here:
http://www.ng-voice.com/imprint/
_______________________________________________
Kamailio (SER) - Users Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
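
An added example, not part of the original thread and not Kamailio code: a Python check that asks the local OpenSSL how it classifies the key exchange of the two suites discussed above and, with `probe`, offers a single suite to a TLS server to see whether it is accepted. The function names, host and port arguments are assumptions; `AES256-GCM-SHA384` is OpenSSL's name for the RSA key-exchange suite written in the thread as RSA-AES256-GCM-SHA384.

```python
import socket
import ssl
import sys

# Note: this reports on the OpenSSL that Python is linked against, which is
# not necessarily the OpenSSL build Kamailio was compiled against.
FS_KX = {"kx-ecdhe", "kx-dhe"}  # ephemeral key exchanges (forward secrecy)

def kx_of(name):
    """Key-exchange label the local OpenSSL reports for a TLS 1.2 suite name,
    or None if this OpenSSL build does not offer a suite by that name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(name)
    except ssl.SSLError:  # raised when no cipher can be selected
        return None
    # get_ciphers() also lists TLS 1.3 suites, so match on the exact name.
    return next((c.get("kea") for c in ctx.get_ciphers() if c["name"] == name), None)

def forward_secret(name):
    """True only if the suite is available locally and uses an ephemeral exchange."""
    return kx_of(name) in FS_KX

def probe(host, port, cipher, cafile=None, timeout=5.0):
    """Offer exactly one TLS 1.2 suite; return the negotiated name or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile)
    else:
        # Handshake-only check against a lab server with a self-signed
        # certificate; no application data is sent on this connection.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError):  # handshake refused or host unreachable
        return None

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])  # your own server and its TLS port
    for suite in ("ECDHE-RSA-AES256-GCM-SHA384", "AES256-GCM-SHA384"):
        accepted = probe(host, port, suite) is not None
        print(suite, "kx:", kx_of(suite), "accepted by server:", accepted)
```

If the server accepts the second suite but rejects the first, the ECDHE suite is not enabled on the server side even though the client offers it.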
