[Freeswitch-users] WSS/Sip over Websocket - Any parameter that controls CHIPERS suites?

Victor Medina victor.medina at cibersys.com
Fri Sep 25 20:09:43 MSD 2015


Guys.

It seams that tls-ciphers param only affects SIP and has no effects on
ciphers implemented by wss-binding.


Am I missing soemthing?

Current config is:

404   <X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1.1,tlsv1.2"/>
415   <X-PRE-PROCESS cmd="set"
data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>


2015-09-25 9:48 GMT-04:30 Victor Medina <victor.medina at cibersys.com>:

> First of all, thanks you and Good morning!.
>
>
> Although I'm using:
>
>  <param name="tls-version" value="tlsv1.2"/>
>  <param name="tls-ciphers"
> value="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"/>
>
>
> Im getting:
>
> New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : AES256-GCM-SHA384
>
> Not bad, but not ECDHE.
>
> Compared to our web server:
>
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
>
>
>
>
> 2015-09-25 9:29 GMT-04:30 Brian West <brian at freeswitch.org>:
>
>> tls-cipher param.
>>
>>
>> On Friday, September 25, 2015, Victor Medina <victor.medina at cibersys.com>
>> wrote:
>>
>>> Hi guys!
>>>
>>> Is there any parameter that can configure what ciphers are used on the
>>> WSS interface?
>>>
>>> Im am getting...
>>>
>>>
>>> WSS interface:
>>> SSL-Session:
>>>     Protocol  : TLSv1.2
>>>     Cipher    : AES256-GCM-SHA384
>>>
>>>
>>> SIP interface, same channel:
>>> Expansion: NONE
>>> SSL-Session:
>>>     Protocol  : TLSv1.2
>>>     Cipher    : ECDHE-RSA-AES256-GCM-SHA384
>>>
>>>
>>>
>>> --
>>>
>>>
>>>
>>> Víctor E. Medina M.
>>> Platform Architect / Chief Infrastructure
>>> +58424 291 4561
>>> BB #79A8AFA2
>>> @VMCibersys
>>>
>>>
>>
>> --
>>
>> *Brian West*
>> brian at freeswitch.org
>>
>>
>> *Twitter: @FreeSWITCH , @briankwest*
>> http://www.freeswitchbook.com
>> http://www.freeswitchcookbook.com
>>
>> Got Bugs? Report them here <https://freeswitch.org/jira>! | Reddit:
>> /r/freeswitch <https://www.reddit.com/r/freeswitch>
>>
>> *T:*+19184209001 | *F:*+19184209002 | *M:*+1918424WEST (9378)
>> *iNUM:*+883 5100 1420 9001 | *ISN:*410*543 | *Skype:*briankwest
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
>
> --
>
>
>
> Víctor E. Medina M.
> Platform Architect / Chief Infrastructure
> +58424 291 4561
> BB #79A8AFA2
> @VMCibersys
>
>


-- 



Víctor E. Medina M.
Platform Architect / Chief Infrastructure
+58424 291 4561
BB #79A8AFA2
@VMCibersys
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150925/d70b4962/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list