Dear Callum,

Thanks a lot. It helped me to establish a TLS connection with an ECDH suite, but I used my own certificate.pem rather than the sip.crt you mentioned. Actually, I couldn't figure out where I can get this kind of .crt file.

On Mon, Jan 20, 2020 at 11:49 AM Callum Guy <[email protected]> wrote:

> Hi Ali,
>
> You'll need to set up your cipher list and DH file. You can generate a DH
> param file like this:
>
>     openssl dhparam -out dhparam.pem 4096
>
> If you want to review locally available cipher suites you can run:
>
>     openssl ciphers -v
>
> The OpenSIPS documentation clarifies the module configuration options;
> however, the following setup will provide a set of strong ciphers and maybe
> you can pick from this to add to your existing config to get things working.
>
> modparam("tls_mgm", "dh_params", "/etc/pki/tls/certs/dhparam.pem")
> modparam("tls_mgm", "ec_curve", "secp384r1")
> modparam("tls_mgm", "ciphers_list", "EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH")
> modparam("tls_mgm", "verify_cert", "1")
> modparam("tls_mgm", "require_cert", "1")
> modparam("tls_mgm", "tls_method", "TLSv1_2")
> modparam("tls_mgm", "certificate", "/etc/pki/tls/certs/sip.crt")
> modparam("tls_mgm", "private_key", "/etc/pki/tls/private/sip.key")
> modparam("tls_mgm", "ca_list", "/etc/pki/tls/certs/ca-bundle.crt")
> modparam("tls_mgm", "ca_dir", "/etc/pki/tls/certs/")
>
> Good luck,
>
> Callum
>
> On Sat, 18 Jan 2020 at 20:32, Ali Alawi <[email protected]> wrote:
>
>> Hello everyone.
>> I am trying to test TLS in OpenSIPS 2.4, the testing is going fine but it
>> only supports certain cipher suite methods such as
>> (AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,SEED-SHA,CAMELLIA128-SHA,RC4-SHA,DES-CBC3-SHA)
>> For some reason, I need to use ECDHE cipher suites but it is unsupported
>> here.
>> How can I include ECDHE in my TLS test?
>> BTW, I am using OpenSSL 1.0.2g
>>
>> Ali
>> _______________________________________________
>> Users mailing list
>> [email protected]
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
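
An added example, not part of the thread or of OpenSIPS: it expands the `ciphers_list` string from the quoted configuration against the local OpenSSL (through Python's `ssl` module) and groups the resulting suites by key exchange, so you can confirm that only ECDHE/DHE suites are enabled. The function names are this example's own, and the exact suite list depends on the installed OpenSSL build.

```python
import ssl

# ciphers_list value from the tls_mgm configuration quoted in the thread
CIPHERS_LIST = "EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH"


def expand(cipher_string):
    """Suites the local OpenSSL enables for cipher_string (TLS 1.2 and earlier)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites (TLS_...) are not selected by this string; skip them if listed.
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def key_exchange(suite_name):
    """Classify an OpenSSL suite name by its key exchange prefix."""
    if suite_name.startswith("ECDHE-"):
        return "ECDHE"
    if suite_name.startswith(("DHE-", "EDH-")):
        return "DHE"
    return "other"  # e.g. RSA key transport, which has no forward secrecy


def audit(cipher_string):
    """Group the suites enabled by cipher_string by key exchange type."""
    report = {"ECDHE": [], "DHE": [], "other": []}
    for name in expand(cipher_string):
        report[key_exchange(name)].append(name)
    return report


if __name__ == "__main__":
    for kx, names in audit(CIPHERS_LIST).items():
        print(f"{kx:6} {len(names):2}  {', '.join(names)}")
```

Any name reported under `other` would be a suite without an ephemeral key exchange, such as the `AES256-GCM-SHA384` entry in the original question's list.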
