[OpenSIPS-Users] Include ECDHE cipher suites in TLS
Callum Guy
callum.guy at x-on.co.uk
Mon Jan 20 03:46:34 EST 2020
Hi Ali,
You'll need to set up your cipher list and DH file. You can generate a DH
param file like this: *openssl dhparam -out dhparam.pem 4096*
If you want to review locally available cipher suites you can run:
*openssl ciphers -v*
The OpenSIPS documentation clarifies the module configuration options;
however, the following setup will provide a set of strong ciphers and maybe
you can pick from this to add to your existing config to get things working.
modparam("tls_mgm", "dh_params", "/etc/pki/tls/certs/dhparam.pem")
modparam("tls_mgm", "ec_curve", "secp384r1")
modparam("tls_mgm", "ciphers_list", "EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH")
modparam("tls_mgm", "verify_cert", "1")
modparam("tls_mgm", "require_cert", "1")
modparam("tls_mgm", "tls_method", "TLSv1_2")
modparam("tls_mgm", "certificate", "/etc/pki/tls/certs/sip.crt")
modparam("tls_mgm", "private_key", "/etc/pki/tls/private/sip.key")
modparam("tls_mgm", "ca_list", "/etc/pki/tls/certs/ca-bundle.crt")
modparam("tls_mgm", "ca_dir", "/etc/pki/tls/certs/")
Good luck,
Callum
On Sat, 18 Jan 2020 at 20:32, Ali Alawi <goatolina at gmail.com> wrote:
> Hello everyone.
> I am trying to test TLS in OpenSIPS 2.4, the testing is going fine but it
> only supports certain cipher suite methods such as (
>
> AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,SEED-SHA,CAMELLIA128-SHA,RC4-SHA,DES-CBC3-SHA
> )
> For some reason, I need to use ECDHE cipher suites but it is unsupported
> here.
> How can I include ECDHE in my TLS test?
> BTW, I am using OpenSSL 1.0.2g
>
> ALi
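Added example, not part of the original message or of OpenSIPS: a local check of what the ciphers_list and ec_curve values from the reply resolve to, using Python's ssl module to read the same Kx= field that `openssl ciphers -v` prints. The function names are hypothetical and SAMPLE_LINES is constructed from suite names in the question.

```python
import re
import ssl

# Values copied from the tls_mgm modparam lines in the message above.
CIPHERS_LIST = "EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH"
EC_CURVE = "secp384r1"

# Constructed sample in `openssl ciphers -v` format: two static-RSA suites
# from the list in the question, plus one ECDHE suite for contrast.
SAMPLE_LINES = [
    "AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD",
    "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1",
    "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD",
]

def audit(lines):
    """Bucket suites by the Kx= field: ECDH and DH are the ephemeral exchanges."""
    report = {"ecdhe": [], "dhe": [], "not_forward_secret": []}
    for line in lines:
        m = re.search(r"\bKx=(\S+)", line)
        kx = m.group(1) if m else "unknown"
        bucket = {"ECDH": "ecdhe", "DH": "dhe"}.get(kx, "not_forward_secret")
        report[bucket].append(line.split()[0])
    return report

def local_lines(cipher_string):
    """Expand a cipher string with the OpenSSL this Python is linked against."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if no suite matches
    # TLS 1.3 suites are not controlled by this string; the config pins TLSv1_2.
    return [c["description"] for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]

def curve_known(name):
    """True if the local OpenSSL recognises the named ECDHE curve."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).set_ecdh_curve(name)
        return True
    except (ValueError, ssl.SSLError):
        return False

if __name__ == "__main__":
    for label, lines in (("question", SAMPLE_LINES),
                         ("reply", local_lines(CIPHERS_LIST))):
        print(label, {k: len(v) for k, v in audit(lines).items()})
    print(EC_CURVE, "known:", curve_known(EC_CURVE))
```

The result describes the OpenSSL build Python is linked against, which may differ from the library OpenSIPS loads, so run it on the host that runs OpenSIPS.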