AJ
2012-10-04 01:32:50 UTC
Hi,
I have Kamailio 3.3.1 working fine with TLS 1.0, running on CentOS 6.3
However, now I want to use some ECDHE ciphersuites, for instance: ECDHE-ECDSA-AES128-SHA
I have built an appropriate OpenSSL (1.0.0j) in CentOS to support this, and have generated the appropriate certs:
openssl ecparam -out ca-privkey.pem -name secp256r1 -genkey -outform pem
openssl req -x509 -new -key ca-privkey.pem -out ca_cert.pem -outform PEM -days 3650
openssl ecparam -out privkey.pem -name secp256r1 -genkey -outform pem
openssl req -new -nodes -key privkey.pem -outform pem -out cert_req.pem
openssl ca -keyfile ca-privkey.pem -cert ca_cert.pem -in cert_req.pem -out cert.pem
However, when I try to connect from my phone I am always getting:
Oct 3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: tls [tls_server.c:1190]: TLS accept:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Oct 3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: <core> [tcp_read.c:1127]: ERROR: tcp_read_req: error reading
If I use the OpenSSL s_server test-tool, I can connect from my phone just fine with these certs:
openssl s_server -accept 8888 -cert cert.pem -key key.pem -pass stdin -CAfile calist.pem -cipher ECDHE-ECDSA-AES128-SHA
Does Kamailio support ECDHE ciphersuites?
If so, what am I doing wrong?
Thanks!
AJ
I have Kamailio 3.3.1 working fine with TLS 1.0, running on CentOS 6.3
However, now I want to use some ECDHE ciphersuites, for instance: ECDHE-ECDSA-AES128-SHA
I have built an appropriate OpenSSL (1.0.0j) in CentOS to support this, and have generated the appropriate certs:
openssl ecparam -out ca-privkey.pem -name secp256r1 -genkey -outform pem
openssl req -x509 -new -key ca-privkey.pem -out ca_cert.pem -outform PEM -days 3650
openssl ecparam -out privkey.pem -name secp256r1 -genkey -outform pem
openssl req -new -nodes -key privkey.pem -outform pem -out cert_req.pem
openssl ca -keyfile ca-privkey.pem -cert ca_cert.pem -in cert_req.pem -out cert.pem
However, when I try to connect from my phone I am always getting:
Oct 3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: tls [tls_server.c:1190]: TLS accept:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Oct 3 20:27:54 /usr/sbin/kamailio[2905]: ERROR: <core> [tcp_read.c:1127]: ERROR: tcp_read_req: error reading
If I use the OpenSSL s_server test-tool, I can connect from my phone just fine with these certs:
openssl s_server -accept 8888 -cert cert.pem -key key.pem -pass stdin -CAfile calist.pem -cipher ECDHE-ECDSA-AES128-SHA
Does Kamailio support ECDHE ciphersuites?
If so, what am I doing wrong?
Thanks!
AJ