<div dir="auto"><span style="font-size:14px">Thanks Razvan. I have a similar set of ciphers, I will try one of the variants.</span><br>
<span style="font-size:14px">I misinterpreted NULL in that context - I didn't think of it as the name of a cipher - more like a generic value that tells Opensips/wolfssl not to encrypt (for debugging).</span><br><div dir="auto"><span style="font-size:14px"><br></span></div><div dir="auto"><span style="font-size:14px">Matt</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Oct 2, 2023, 5:36 AM Răzvan Crainea <<a href="mailto:razvan@opensips.org" target="_blank" rel="noreferrer">razvan@opensips.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi, Matt!<br>
<br>
Are you sure that wolfssl supports the NULL cipher list? You can see all <br>
the available ciphers when OpenSIPS starts. For example, my setup has <br>
the following ciphers:<br>
<br>
```<br>
Oct 2 09:56:43 [207525] INFO:tls_wolfssl:_wolfssl_show_ciphers: <br>
Ciphers: <br>
TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256:TLS13-AES128-CCM8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA:NULL-MD5:NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CCM:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:AES128-CCM-8:AES128-CCM8:AES256-CCM-8:AES256-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-ECDSA-AES256-CCM8:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMELLIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD:ADH-AES128-SHA:ADH-AES256-GCM-SHA384:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-GCM-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:WDM-NULL-SHA256<br>
<br>
```<br>
<br>
And plain NULL cipher is not available, only a set of its other variants.<br>
<br>
Best regards,<br>
<br>
Răzvan Crainea<br>
OpenSIPS Core Developer / SIPhub CTO<br>
<a href="http://www.opensips-solutions.com" rel="noreferrer noreferrer noreferrer" target="_blank">http://www.opensips-solutions.com</a> / <a href="https://www.siphub.com" rel="noreferrer noreferrer noreferrer" target="_blank">https://www.siphub.com</a><br>
<br>
On 9/30/23 17:16, L S wrote:<br>
> Wolfssl gives an error and Opensips doesn't start when trying to set the <br>
> ciphers_list to NULL for a client domain in 3.2.13.<br>
> <br>
> modparam("tls_mgm", "ciphers_list", "[testclient]NULL")<br>
> <br>
> ERROR:tls_wolfssl:_wolfssl_init_tls_dom: failure to set SSL context <br>
> cipher list 'NULL'<br>
> <br>
> Any suggestions?<br>
> <br>
> Thanks,<br>
> Matt<br>
> <br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org" rel="noreferrer noreferrer" target="_blank">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" rel="noreferrer noreferrer" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div>