<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">might need some more code to support the ecdh stuff like we had to for dtls in this commit:<div class=""><br class=""></div><div class=""><div style="margin: 0px; font-size: 13px; font-family: Monaco; color: rgb(175, 173, 36); background-color: rgb(0, 0, 0);" class="">8e1b2eab7b162c02eb5fc8e4b30aab659a69e18f</div><div class=""><br class=""></div><div class="">On Sep 29, 2015, at 1:45 PM, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" class="">victor.medina@cibersys.com</a>&gt; wrote:<div class=""><div><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div class=""><div dir="ltr" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">btw... 
I get this beautiful cipher on 5061:<br class=""><br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp; Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp; Cipher&nbsp;&nbsp;&nbsp; : ECDHE-RSA-AES256-GCM-SHA384<br class=""><br class=""><br class=""></div></div><div class="gmail_extra" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><br class=""><div class="gmail_quote">2015-09-29 13:10 GMT-04:30 Victor Medina<span class="Apple-converted-space">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">Hi!<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">I'm starting to feel like this...<br class=""><br class=""><a href="http://herbookthoughts.reads-it.com/wp-content/uploads/2014/06/d6a1143f571184db25f94613edd43b40af6d3a629221aba00d9efdcfef5efd84.jpg" target="_blank" class="">http://herbookthoughts.reads-it.com/wp-content/uploads/2014/06/d6a1143f571184db25f94613edd43b40af6d3a629221aba00d9efdcfef5efd84.jpg</a><span class="Apple-converted-space">&nbsp;</span>=)<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">I tried a few things to get ECDH or a DH Kx working on the wss, but wasn't able to get it working; I'm only getting RSA Kx.<span class="Apple-converted-space">&nbsp;</span><br class=""><br 
class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">On ws.c I tried substituting the SSLv23_server_method() with the newer TLSv1_server_method() (less compatible, I know) but I always get the same ciphers and none of them is ECDH or DH.<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">I even tried disabling<span class="Apple-converted-space">&nbsp;</span><br class=""><br class="">SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv2);<br class="">SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_SSLv3);<br class="">SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_TLSv1);<br class="">SSL_CTX_set_options(globals.ssl_ctx, SSL_OP_NO_COMPRESSION);<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">and played with SSL_CTX_set_cipher_list(ws_globals.ssl_ctx, "HIGH:!DSS:!aNULL@STRENGTH"); to see if I could get a different set of ciphers (I tried: EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS 'cause it's what my webserver uses) but always got the same results:<span class="Apple-converted-space">&nbsp;</span><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">using SSLSCAN:&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">using openssl s_client/debian 8: &nbsp;&nbsp;&nbsp; TLSv1.2 AES256-GCM-SHA384<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">My vars.xml looks like:<br class=""><br class="">404&nbsp;&nbsp; &lt;X-PRE-PROCESS cmd="set" data="sip_tls_version=tlsv1,tlsv1.1,tlsv1.2"/&gt;<br class=""><br class="">416 &lt;X-PRE-PROCESS cmd="set" 
data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/&gt;<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Time for a Jira bug fill?<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">As usual, thanks for everything<br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">&nbsp;<br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><div class=""><div class="h5">2015-09-29 10:20 GMT-04:30 Michael Jerris<span class="Apple-converted-space">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt;</span>:<br class=""></div></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div class=""><div class="h5"><div style="word-wrap: break-word;" class="">No, it's in the same file with ws.<div class=""><div class=""><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 29, 2015, at 10:16 AM, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:</div><br class=""><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">Guys.<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">WSS is implemented on tport_tls.c, right?<br class=""></div></div><div class="gmail_extra"><br class=""><div 
class="gmail_quote">2015-09-28 17:59 GMT-04:30 Michael Jerris<span class="Apple-converted-space">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div style="word-wrap: break-word;" class="">If this is something that is broken or will soon be, it really needs to be filed in jira or no one will be looking at it.&nbsp; If someone can work up a patch to fix this, that would be preferred.<div class=""><div class=""><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 28, 2015, at 6:09 PM, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:</div><br class=""><div class=""><p dir="ltr" class="">Michael.<br class="">I'm having a hard time trying to get the development team to use verto</p><p dir="ltr" class="">They insist on using the whole sip over ws approach since they have to support an ios app built using cordova and some libraries that use sipjs.</p><p dir="ltr" class="">My other concern is that afaik browsers will require pfs for signalling soon</p><p dir="ltr" class="">As always, thanks for help and guidance!<br class=""></p><div class="gmail_quote">On 28/09/2015 14:47, "Michael Jerris" &lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt; wrote:<br type="attribution" class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div style="word-wrap: break-word;" class="">websocket proxy works with mod_verto fine.<div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Sep 27, 2015, at 8:56 AM, 
Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:</div><br class=""><div class=""><div dir="ltr" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">Silly question....<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Can I put Apache, doing websocket proxy, in front of the WS-BINDING (no tls) and let apache handle all tls; or is there some work involved in the Sip 2 Websocket that makes this not a recommended option?<br class=""><br class=""><br class=""></div></div><div class="gmail_extra" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><br class=""><div class="gmail_quote">2015-09-25 14:45 GMT-04:30 Victor Medina<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">Thanks!<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">I'll get a coffee! 
=)<br class=""></div></div><div class=""><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-25 14:39 GMT-04:30 Michael Jerris<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a href="mailto:mike@jerris.com" target="_blank" class="">mike@jerris.com</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;">there was a fix for ec in wss at some point, I'd confirm this part isn't already fixed before you go too far<div class=""><div class=""><span class=""></span><br class=""><br class="">On Friday, September 25, 2015, Victor Medina &lt;<a href="mailto:victor.medina@cibersys.com" target="_blank" class="">victor.medina@cibersys.com</a>&gt; wrote:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">Um....<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Thinking...<span class="">&nbsp;</span><br class="">It's a Debian 8, updated,<span class="">&nbsp;</span><br class="">The fs is master, not the latest though... it is master from just about the time before 1.6 stable... 
so I probably should update...<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Running sslscan on some machine:<br class=""><br class=""><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:5061|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; ECDHE-RSA-AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; CAMELLIA256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; ECDHE-RSA-AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; ECDHE-RSA-DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Authority Information Access:<span class="">&nbsp;</span><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 xxxxxxx:12443|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; CAMELLIA256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br 
class="">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Authority Information Access:<span class="">&nbsp;</span><br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Running the same test on a recent build of v1.6<span class="">&nbsp;</span><br class="">FreeSWITCH Version 1.6.0+git~20150903T203652Z~6762f14140~64bit (git 6762f14 2015-09-03 20:36:52Z 64bit)<br class=""><br class=""><br class=""><br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:5061|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; ECDHE-RSA-AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AECDH-AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; CAMELLIA256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; ECDHE-RSA-AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AECDH-AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; SEED-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; ECDHE-RSA-RC4-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AECDH-RC4-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; RC4-SHA<br class="">&nbsp;&nbsp;&nbsp;<span 
class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; ECDHE-RSA-DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; AECDH-DES-CBC3-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br class="">root@vm-laptop:/home/vmedina# sslscan --tls1 10.0.1.180:7443|grep Acce<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 256 bits&nbsp; AES256-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; AES128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 128 bits&nbsp; CAMELLIA128-SHA<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Accepted&nbsp; TLSv1&nbsp; 112 bits&nbsp; DES-CBC3-SHA<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Why does it not accept any PFS/curve/ephemeral cipher on the WSS binding? 
Like: ECDHE-RSA-AES256-SHA, AECDH-AES256-SHA, ECDHE-RSA-AES128-SHA?<br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""><br class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-09-25 13:30 GMT-04:30 Brian West<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a class="">brian@freeswitch.org</a>&gt;</span>:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr" class="">Careful your distro may have disabled anything EC related.</div><div class=""><div class=""><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Sep 25, 2015 at 9:18 AM, Victor Medina<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a class="">victor.medina@cibersys.com</a>&gt;</span><span class="">&nbsp;</span>wrote:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">First of all, thank you and good morning!<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Although I'm using:<br class=""><br class="">&nbsp;&lt;param name="tls-version" value="tlsv1.2"/&gt;<br class="">&nbsp;&lt;param name="tls-ciphers" 
value="ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"/&gt;<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">I'm getting:<br class=""><br class="">New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384<br class="">Server public key is 2048 bit<br class="">Secure Renegotiation IS supported<br class="">Compression: NONE<span class=""><br class="">Expansion: NONE<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class=""></span>&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : AES256-GCM-SHA384<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Not bad, but not ECDHE.<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Compared to our web server:<br class=""><br class="">New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384<br class="">Server public key is 2048 bit<br class="">Secure Renegotiation IS supported<br class="">Compression: NONE<span class=""><br class="">Expansion: NONE<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : ECDHE-RSA-AES256-GCM-SHA384<br class=""><br class=""></span></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;"><br 
class=""></div></div><div class="gmail_extra"><br class=""><div class="gmail_quote"><div class=""><div class="">2015-09-25 9:29 GMT-04:30 Brian West<span class="">&nbsp;</span><span dir="ltr" class="">&lt;<a class="">brian@freeswitch.org</a>&gt;</span>:<br class=""></div></div><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div class=""><div class="">tls-cipher param.<div class=""><div class=""><br class=""><br class="">On Friday, September 25, 2015, Victor Medina &lt;<a class="">victor.medina@cibersys.com</a>&gt; wrote:<br class=""><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex;"><div dir="ltr" class=""><div class="gmail_default" style="font-family: 'courier new', monospace;">Hi guys!<br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">Is there any parameter that can configure what ciphers are used on the WSS interface?<span class="">&nbsp;</span><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">I am getting...<br class="">&nbsp;<br class=""><br class="">WSS interface:<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : AES256-GCM-SHA384<br class=""><br class=""><br class=""></div><div class="gmail_default" style="font-family: 'courier new', monospace;">SIP interface, same channel:<br class="">Expansion: NONE<br class="">SSL-Session:<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Protocol&nbsp; : TLSv1.2<br class="">&nbsp;&nbsp;&nbsp;<span class="">&nbsp;</span>Cipher&nbsp;&nbsp;&nbsp; : ECDHE-RSA-AES256-GCM-SHA384<br class=""><br 
class=""></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></blockquote></div></div></div></div></blockquote></div></div></div></blockquote></div></div></div></blockquote></div></div></blockquote></div></div></div></div></div></blockquote></div></div></div></blockquote></div><br class=""></div></div></div></div><br class=""></div></div><span class="">_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services:<br class=""><a href="mailto:consulting@freeswitch.org" target="_blank" class="">consulting@freeswitch.org</a><br class=""><a href="http://www.freeswitchsolutions.com/" rel="noreferrer" target="_blank" class="">http://www.freeswitchsolutions.com</a><br class=""><br class="">Official FreeSWITCH Sites<br class=""><a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br class=""><a href="http://confluence.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://confluence.freeswitch.org</a><br class=""><a href="http://www.cluecon.com/" rel="noreferrer" target="_blank" class="">http://www.cluecon.com</a><br class=""><br class="">FreeSWITCH-users mailing list<br class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank" class="">FreeSWITCH-users@lists.freeswitch.org</a><br class=""><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br class="">UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank" class="">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br class=""><a href="http://www.freeswitch.org/" rel="noreferrer" target="_blank" class="">http://www.freeswitch.org</a><br 
class=""></span></blockquote></div><span class=""><br class=""><br clear="all" class=""><br class="">--<span class="Apple-converted-space">&nbsp;</span><br class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><font size="2" class=""><span style="font-family: 'courier new', monospace;" class=""><br class=""><img src="https://www.cibersys.com/img/logo-cibersys.png" class=""><br class=""><br class="">Víctor E. Medina M.<br class=""></span></font><div class=""><font size="2" class=""><span style="font-family: 'courier new', monospace;" class="">Platform Architect / Chief Infrastructure<br class=""></span></font></div><font size="2" class=""><span style="font-family: 'courier new', monospace;" class=""><span style="display: inline;" class=""><span style="display: inline;" class=""><a class="">+58424 291 4561</a></span></span><br class="">BB #79A8AFA2<br class="">@VMCibersys<br class=""></span></font></div><div dir="ltr" class=""><font size="2" class=""><span style="font-family: 'courier new', monospace;" class=""><br class=""></span></font></div></div></div></div></div></div></div></div></div></div></span></div></blockquote></div><br class=""><br clear="all" class=""><br class="">--<span class="Apple-converted-space">&nbsp;</span><br class=""><div class="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><font size="2" class=""><span style="font-family: 'courier new', monospace;" class=""><br class=""><img src="https://www.cibersys.com/img/logo-cibersys.png" class=""><br class=""><br class="">Víctor E. 
Medina M.<br class=""></span></font><div class=""><font size="2" class=""><span style="font-family: 'courier new', monospace;" class="">Platform Architect / Chief Infrastructure<br class=""></span></font></div><font size="2" class=""><span style="font-family: 'courier new', monospace;" class=""><span style="display: inline;" class=""><span style="display: inline;" class=""><a class="">+58424 291 4561</a></span></span><br class="">BB #79A8AFA2<br class="">@VMCibersys<br class=""></span></font></div><div dir="ltr" class=""><font size="2" class=""><span style="font-family: 'courier new', monospace;" class=""><br class=""></span></font></div></div></div></div></div></div></div></div></div></div></div><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">_________________________________________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">Professional FreeSWITCH Consulting Services:<span class="Apple-converted-space">&nbsp;</span></span><br style="font-family: Helvetica; 
font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a></span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="http://www.freeswitchsolutions.com" class="">http://www.freeswitchsolutions.com</a></span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: 
normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class="">FreeSWITCH-users mailing list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; float: none; display: inline !important;" class=""><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" class="">FreeSWITCH-users@lists.freeswitch.org</a></span></div></blockquote></div><br class=""></div></div></div></body></html>