<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:-Apple-System;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:#1F3864;
        font-weight:normal;
        font-style:normal;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><a href="https://github.com/OpenSIPS/opensips/issues/3006">https://github.com/OpenSIPS/opensips/issues/3006</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">Hi All, <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            </span>
<span style="color:#1F3864">We are facing below basic issues and would like to hear if we are missing something very basic. Any help would be greatly appreciated.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864">                After updating the cipher list to a shorter list we are seeing “no shared cipher” error though actually there is a shared cipher.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864">                Would it be because those ciphers are not supported?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="color:#1F3864">New list of ciphers used:</span><span style="font-size:10.5pt;font-family:-Apple-System;color:#24292F"><br>
<span style="background:white">modparam("tls_mgm", "ciphers_list", "ECDHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384" )            
</span></span><span style="color:#1F3864"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:12.0pt;color:#1F3864">Error log:
</span><span style="font-size:10.5pt;font-family:-Apple-System;color:#24292F;background:white">Log:</span><span style="font-size:10.5pt;font-family:-Apple-System;color:#24292F"><br>
<span style="background:white">2023-02-01T14:26:58.451-05:00 [local2] [err] bhanu-mm-168 /usr/sbin/opensipsInternal[22800]: ERROR:proto_tls:tls_accept: New TLS connection from 10.207.232.70:58312 failed to accept</span><br>
<span style="background:white">2023-02-01T14:26:58.451-05:00 [local2] [err] bhanu-mm-168 /usr/sbin/opensipsInternal[22800]: ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher</span><br>
<span style="background:white">2023-02-01T14:26:58.452-05:00 [local2] [err] bhanu-mm-168 /usr/sbin/opensipsInternal[22800]: ERROR:proto_tls:tls_read_req: failed to do pre-tls reading</span></span><span style="font-size:12.0pt;color:#1F3864"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            Attached pcaps with failed case.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            Working case cipher used:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            </span>
<span style="font-size:10.5pt;font-family:-Apple-System;color:#24292F;background:white">ECDHE-RSA-AES128-GCM-SHA256,DHE-RSA-AES128-GCM-SHA256,AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA256,AES128-SHA256,EECDH+AESGCM,EDH+AESGCM,AES256+EECDH,AES256+EDH,ECDHE-RSA-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES256-SHA256,DHE-RSA-AES128-SHA256,DHE-RSA-AES256-SHA,DHE-RSA-AES128-SHA,!ECDHE-RSA-DES-CBC3-SHA,!EDH-RSA-DES-CBC3-SHA,AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,AES128-SHA,!DES-CBC3-SHA,HIGH,!aNULL,!eNULL,!EXPORT,!DES,!MD5,!PSK,!RC4<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:-Apple-System;color:#24292F;background:white"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:-Apple-System;color:#24292F;background:white">                This Cipher(TLS_RSA_WITH_AES_128_GCM_SHA256) is selected for negotation.</span><span style="font-size:12.0pt;color:#1F3864">      
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            <o:p>
</o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            Attached pcaps with good case with large list of ciphers<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864">            Does 2.4.4 supports a limited list of ciphers?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864">Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F3864">Bhanu<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:red">____________________________________________________________<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F4E79">INFORMATION CLASSIFICATION: <b>IPC CONFIDENTIAL</b><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>