Federico, thanks Did the changes in the file. It’s fixed.
Arik > On 22 Dec 2019, at 19:28, Federico Cabiddu <[email protected]> wrote: > > Hi Arik, > I think that the problem is that you are using a configuration file for tls. > In this case you have to specify there the parameters like ciphers, because > the module's ones will be ignored: > http://www.kamailio.org/docs/modules/5.3.x/modules/tls.html#tls.p.config > <http://www.kamailio.org/docs/modules/5.3.x/modules/tls.html#tls.p.config>. > > Cheers, > > Federico > > On Sun, Dec 22, 2019 at 6:16 PM Arik Halperin <[email protected] > <mailto:[email protected]>> wrote: > Federico, Thank you > > I added these lines to my config: > > #!ifdef WITH_TLS > # ----- tls params ----- > modparam("tls","config","/usr/local/etc/kamailio/tls.cfg") > modparam("tls", "cipher_list", "HIGH") > modparam("tls", "tls_method", "TLSv1.2+") > #!endif > > But it still doesn’t work. > > I ran this test, but it still says: > > Cipher Suites > # TLS 1.0 (suites in server-preferred order) > TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256 > TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK 256 > TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128 > TLS_RSA_WITH_SEED_CBC_SHA (0x96) WEAK 128 > TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK 128 > TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128 > TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE 128 > TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK > > > I don’t know how to get rid of the insecure ones. > > Best Regards, > Arik > > >> On 10 Dec 2019, at 9:03, Federico Cabiddu <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi, >> for enabling a specific set of ciphers have a look at tls module's >> cipher_list param: >> http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list >> >> <http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.cipher_list>. >> For supporting specific versions of TLS look at tls_method param: >> http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method >> <http://www.kamailio.org/docs/modules/5.4.x/modules/tls.html#tls.p.tls_method>. >> >> Cheers, >> >> Federico >> >> On Tue, Dec 10, 2019 at 7:30 AM Arik Halperin <[email protected] >> <mailto:[email protected]>> wrote: >> Hello, >> >> How can I disable: >> >> >> TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE128 >> >> TLS_RSA_WITH_RC4_128_MD5 (0x4) INSECURE128 >> >> What should I put in cypher_list in order to disable the above? >> >> I would also like support TLS 1.2 and TLS 1.3, but remove support for 1.0 >> and 1.1 >> >> Thanks, >> Arik Halperin >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> [email protected] <mailto:[email protected]> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> >> _______________________________________________ >> Kamailio (SER) - Users Mailing List >> [email protected] <mailto:[email protected]> >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> > > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] <mailto:[email protected]> > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users> > _______________________________________________ > Kamailio (SER) - Users Mailing List > [email protected] > https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ Kamailio (SER) - Users Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
