Hi, I have OpenSIPS 1.7.2 working fine with TLS 1.0, running on CentOS 6.3
However, now I want to use some ECDHE ciphersuites, for instance: ECDHE-ECDSA-AES128-SHA I have built an appropriate OpenSSL (1.0.0j) in CentOS to support this, and have generated the appropriate certs: openssl ecparam -out ca-privkey.pem -name secp256r1 -genkey -outform pem openssl req -x509 -new -key ca-privkey.pem -out ca_cert.pem -outform PEM -days 3650 openssl ecparam -out privkey.pem -name secp256r1 -genkey -outform pem openssl req -new -nodes -key privkey.pem -outform pem -out cert_req.pem openssl ca -keyfile ca-privkey.pem -cert ca_cert.pem -in cert_req.pem -out cert.pem However, when I try to connect from my phone I am always getting: Sep 23 03:32:10 opensips /usr/sbin/opensips[1576]: ERROR:core:tls_accept: some error in SSL (ret=-1, err=1, errno=0/Success): Sep 23 03:32:10 opensips /usr/sbin/opensips[1576]: ERROR:core:tls_print_errstack: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher If I use the OpenSSL s_server test-tool, I can connect from my phone just fine with these certs: openssl s_server -accept 8888 -cert cert.pem -key key.pem -pass stdin -CAfile calist.pem -cipher ECDHE-ECDSA-AES128-SHA Does OpenSIPS support ECDHE ciphersuites? If so, what am I doing wrong? Thanks! AJ _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
