<div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">Thanks!<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Ill get a coffe! =)<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-09-25 14:39 GMT-04:30 Michael Jerris <span dir="ltr"><<a href="mailto:mike@jerris.com" target="_blank">mike@jerris.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">there was a fix for ec in wss at some point, I'd confirm this part isn't already fixed before you go too far<div class="HOEnZb"><div class="h5"><span></span><br><br>On Friday, September 25, 2015, Victor Medina <<a href="mailto:victor.medina@cibersys.com" target="_blank">victor.medina@cibersys.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">Um....<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Thinking... <br>Its a Debian 8, updated, <br>The fs is master, not the latest though... it is master from just about the time before 1.6 stable... so I probably should update...<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Running sslscan on some machine:<br><br><br>root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:5061|grep Acce<br> Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA<br> Accepted TLSv1 256 bits AES256-SHA<br> Accepted TLSv1 256 bits CAMELLIA256-SHA<br> Accepted TLSv1 128 bits ECDHE-RSA-AES128-SHA<br> Accepted TLSv1 128 bits AES128-SHA<br> Accepted TLSv1 128 bits CAMELLIA128-SHA<br> Accepted TLSv1 112 bits ECDHE-RSA-DES-CBC3-SHA<br> Accepted TLSv1 112 bits DES-CBC3-SHA<br> Authority Information Access: <br>root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:12443|grep Acce<br> Accepted TLSv1 256 bits AES256-SHA<br> Accepted TLSv1 256 bits CAMELLIA256-SHA<br> Accepted TLSv1 128 bits AES128-SHA<br> Accepted TLSv1 128 bits CAMELLIA128-SHA<br> Accepted TLSv1 112 bits DES-CBC3-SHA<br> Authority Information Access: <br><br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Running the same test on a recent built of v1.6 <br>FreeSWITCH Version 1.6.0+git~20150903T203652Z~6762f14140~64bit (git 6762f14 2015-09-03 20:36:52Z 64bit)<br><br><br><br>root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:5061|grep Acce<br> Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA<br> Accepted TLSv1 256 bits AECDH-AES256-SHA<br> Accepted TLSv1 256 bits AES256-SHA<br> Accepted TLSv1 256 bits CAMELLIA256-SHA<br> Accepted TLSv1 128 bits ECDHE-RSA-AES128-SHA<br> Accepted TLSv1 128 bits AECDH-AES128-SHA<br> Accepted TLSv1 128 bits AES128-SHA<br> Accepted TLSv1 128 bits SEED-SHA<br> Accepted TLSv1 128 bits CAMELLIA128-SHA<br> Accepted TLSv1 128 bits ECDHE-RSA-RC4-SHA<br> Accepted TLSv1 128 bits AECDH-RC4-SHA<br> Accepted TLSv1 128 bits RC4-SHA<br> Accepted TLSv1 112 bits ECDHE-RSA-DES-CBC3-SHA<br> Accepted TLSv1 112 bits AECDH-DES-CBC3-SHA<br> Accepted TLSv1 112 bits DES-CBC3-SHA<br>root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:7443|grep Acce<br> Accepted TLSv1 256 bits AES256-SHA<br> Accepted TLSv1 128 bits AES128-SHA<br> Accepted TLSv1 128 bits CAMELLIA128-SHA<br> Accepted TLSv1 112 bits DES-CBC3-SHA<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Why it does not accept any PFS/curve/ephimereal cipher on the WSS binding? Like: ECDHE-RSA-AES256-SHA, AECDH-AES256-SHA, ECDHE-RSA-AES128-SHA?<br></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div><div class="gmail_default" style="font-family:courier new,monospace"><br><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-09-25 13:30 GMT-04:30 Brian West <span dir="ltr"><<a>brian@freeswitch.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Careful your distro may have disabled anything EC related.</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 25, 2015 at 9:18 AM, Victor Medina <span dir="ltr"><<a>victor.medina@cibersys.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">First of all, thanks you and Good morning!.<br><br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Although I'm using:<br><br> <param name="tls-version" value="tlsv1.2"/><br> <param name="tls-ciphers" value="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"/><br><br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Im getting:<br><br>New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384<br>Server public key is 2048 bit<br>Secure Renegotiation IS supported<br>Compression: NONE<span><br>Expansion: NONE<br>SSL-Session:<br> Protocol : TLSv1.2<br></span> Cipher : AES256-GCM-SHA384<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Not bad, but not ECDHE.<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Compared to our web server:<br><br>New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br>Server public key is 2048 bit<br>Secure Renegotiation IS supported<br>Compression: NONE<span><br>Expansion: NONE<br>SSL-Session:<br> Protocol : TLSv1.2<br> Cipher : ECDHE-RSA-AES256-GCM-SHA384<br><br></span></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>2015-09-25 9:29 GMT-04:30 Brian West <span dir="ltr"><<a>brian@freeswitch.org</a>></span>:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>tls-cipher param.<div><div><br><br>On Friday, September 25, 2015, Victor Medina <<a>victor.medina@cibersys.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:courier new,monospace">Hi guys!<br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Is there any parameter that can configure what ciphers are used on the WSS interface? <br><br></div><div class="gmail_default" style="font-family:courier new,monospace">Im am getting...<br> <br><br>WSS interface:<br>SSL-Session:<br> Protocol : TLSv1.2<br> Cipher : AES256-GCM-SHA384<br><br><br></div><div class="gmail_default" style="font-family:courier new,monospace">SIP interface, same channel:<br>Expansion: NONE<br>SSL-Session:<br> Protocol : TLSv1.2<br> Cipher : ECDHE-RSA-AES256-GCM-SHA384<br><br><br></div><div class="gmail_default" style="font-family:courier new,monospace"><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br><img src="https://www.cibersys.com/img/logo-cibersys.png"><br><br>Víctor E. Medina M.<br></span></font><div><font size="2"><span style="font-family:courier new,monospace">Platform Architect / Chief Infrastructure<br></span></font></div><font size="2"><span style="font-family:courier new,monospace"><span style="display:inline"><span style="display:inline"><a>+58424 291 4561</a></span></span><br>BB #79A8AFA2<br>@VMCibersys<br></span></font></div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br></span></font></div></div></div></div></div></div></div></div></div></div>
</div>
</blockquote><br><br></div></div>-- <br><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a>brian@freeswitch.org</a></span></font></p>
<p><font face="courier new, monospace" size="1"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="monospace, monospace" size="2"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="monospace, monospace">Got Bugs? Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font face="monospace, monospace" size="2"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div><br>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a>consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a>FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><span><br><br clear="all"><br>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br><img src="https://www.cibersys.com/img/logo-cibersys.png"><br><br>Víctor E. Medina M.<br></span></font><div><font size="2"><span style="font-family:courier new,monospace">Platform Architect / Chief Infrastructure<br></span></font></div><font size="2"><span style="font-family:courier new,monospace"><span style="display:inline"><span style="display:inline"><a>+58424 291 4561</a></span></span><br>BB #79A8AFA2<br>@VMCibersys<br></span></font></div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br></span></font></div></div></div></div></div></div></div></div></div></div>
</span></div>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a>consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a>FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a>brian@freeswitch.org</a></span></font></p>
<p><font face="courier new, monospace" size="1"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="monospace, monospace" size="2"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p><p><font face="monospace, monospace">Got Bugs? Report them <a href="https://freeswitch.org/jira" target="_blank">here</a>! | Reddit: <a href="https://www.reddit.com/r/freeswitch" target="_blank">/r/freeswitch</a></font></p>
<p><font face="monospace, monospace" size="2"><b>T:</b><a href="tel:%2B19184209001" value="+19184209001" target="_blank">+19184209001</a> | <b>F:</b><a href="tel:%2B19184209002" value="+19184209002" target="_blank">+19184209002</a> | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div></div></div></div></div></div></div></div></div>
</div>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a>consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a>FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><br>-- <br><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br><img src="https://www.cibersys.com/img/logo-cibersys.png"><br><br>Víctor E. Medina M.<br></span></font><div><font size="2"><span style="font-family:courier new,monospace">Platform Architect / Chief Infrastructure<br></span></font></div><font size="2"><span style="font-family:courier new,monospace"><span style="display:inline"><span style="display:inline"><a>+58424 291 4561</a></span></span><br>BB #79A8AFA2<br>@VMCibersys<br></span></font></div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br></span></font></div></div></div></div></div></div></div></div></div></div>
</div>
</blockquote>
</div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br><img src="https://www.cibersys.com/img/logo-cibersys.png"><br><br>Víctor E. Medina M.<br></span></font><div><font size="2"><span style="font-family:courier new,monospace">Platform Architect / Chief Infrastructure<br></span></font></div><font size="2"><span style="font-family:courier new,monospace"><span style="display:inline"><span style="display:inline"><a>+58424 291 4561</a></span></span><br>BB #79A8AFA2<br>@VMCibersys<br></span></font></div><div dir="ltr"><font size="2"><span style="font-family:courier new,monospace"><br></span></font></div></div></div></div></div></div></div></div></div></div>
</div>