Many thanks Alexander.



In any chance do you have any kannel.conf example using this ? specially ssl-client-cipher-list and ssl-trusted-ca-file?



thanks



De : Alexander Malysh [mailto:***@gmail.com] De la part de ***@kannel.org
Envoyé : jeudi 8 novembre 2018 11:13
À : info.ubichip
Cc : Web Min; users
Objet : Re: TLS 1.2 support in kannel



Hi,



please check userguide:

https://kannel.org/download/kannel-userguide-snapshot/userguide.html#AEN482



Special:


ssl-client-certkey-file (c)

filename

A PEM encoded SSL certificate and private key file to be used with SSL client connections. This certificate is used for the HTTPS client side only, i.e. for SMS service requests to SSL-enabled HTTP servers.


ssl-server-cert-file (c)

filename

A PEM encoded SSL certificate file to be used with SSL server connections. This certificate is used for the HTTPS server side only, i.e. for the administration HTTP server and the HTTP interface to send SMS messages.


ssl-server-key-file (c)

filename

A PEM encoded SSL private key file to be used with SSL server connections. This key is associated to the specified certificate and is used for the HTTPS server side only.


ssl-trusted-ca-file

filename

This file contains the certificates Kannel is willing to trust when working as a HTTPS client. If this option is not set, certificates are not validated and those the identity of the server is not proven.


ssl-client-cipher-list

filename

Defines the list of encryption suites and ciphers to be used for client side connections. For further details please see https://www.openssl.org/docs/manmaster/man1/ciphers.html


ssl-server-cipher-list

filename

Defines the list of encryption suites and ciphers to be used for server side connections. For further details please see https://www.openssl.org/docs/manmaster/man1/ciphers.html



Thanks,

Alex







Am 03.11.2018 um 17:25 schrieb info.ubichip <***@free.fr>:



Dear Alexander,



may you please help me to find any information about your added feature on SSL/TLS, specially how to efine which SSL/TLS chiper suites to use ?



Thanks a lot for you answer



De : users [ <mailto:users-***@kannel.org> mailto:users-***@kannel.org] De la part de info.ubichip
Envoyé : samedi 3 novembre 2018 17:14
À : 'Web Min'
Cc : <mailto:***@kannel.org> ***@kannel.org
Objet : RE: TLS 1.2 support in kannel



the email was gone too fast :



do you have any experience with the following added feature of the 1.4.5 specially the one in red (le last one) ?



* Added OpenSSL 1.1.x support.



* Added support for chained certificate files.



* Added support to define which SSL/TLS chipher suites to use.



De : info.ubichip [ <mailto:***@free.fr> mailto:***@free.fr]
Envoyé : samedi 3 novembre 2018 17:12
À : 'Web Min'
Cc : ' <mailto:***@kannel.org> ***@kannel.org'
Objet : RE: TLS 1.2 support in kannel



thanks,



it working with

./configure --enable-start-stop-daemon --with-mysql --enable-ssl



but not with :



./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl

Configuring OpenSSL support ...
configure: error: Unable to find OpenSSL libs and/or directories at yes



Do you ha





De : Web Min [mailto:***@gmail.com]
Envoyé : samedi 3 novembre 2018 09:05
À : ***@free.fr
Cc : ***@kannel.org
Objet : Re: TLS 1.2 support in kannel



Hello,



In order to start with Ubuntu make sure the following packages are installed:



apt-get install libmysqlclient-dev libmysqld-dev libxml2 libxml2-dev bison byacc libssh-dev libssl-dev



Best Regards,



On Sat, Nov 3, 2018 at 1:51 AM info.ubichip < <mailto:***@free.fr> ***@free.fr> wrote:

hello,

I tried to reinstall a full clean machine with ubuntu 18.04 and last openssl
1.1.0g (nov 2017)
and when I tried
./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl
I got error :
Configuring OpenSSL support ...
configure: error: Unable to find OpenSSL libs and/or directories at yes

Does anyone got this error ?

thanks in advance


-----Message d'origine-----
De : users [mailto: <mailto:users-***@kannel.org> users-***@kannel.org] De la part de info.ubichip
Envoyé : vendredi 2 novembre 2018 16:41
À : <mailto:***@kannel.org> ***@kannel.org
Objet : RE: TLS 1.2 support in kannel

Hello,

some update, I forgot to mention, I'm using kannel 1.4.5, and it has been
seen the following errors as well in smsbox log :

:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Does anyone have seen this issue so far ?

thanks in advance for your help

-----Message d'origine-----
De : users [mailto: <mailto:users-***@kannel.org> users-***@kannel.org] De la part de info.ubichip
Envoyé : vendredi 2 novembre 2018 09:42
À : <mailto:***@kannel.org> ***@kannel.org
Objet : TLS 1.2 support in kannel
Importance : Haute

Hello,

I have similar issue with SSL and kannel, in SMSBOX it appears the following
errors :

2018-10-01 21:11:12 [3345] [8] ERROR: Couldn't fetch
< <https://www.joe.com/input.php?from=%2B712341234> https://www.joe.com/input.php?from=%2B712341234>
2018-10-01 21:11:32 [3345] [8] ERROR: SSL write failed: OpenSSL error 1:
error:00000001:lib(0):func(0):reason(1)
2018-10-01 21:11:32 [3345] [8] ERROR: SSL write failed: OpenSSL error 1:
error:00000001:lib(0):func(0):reason(1)
2018-10-01 21:11:32 [3345] [8] ERROR: SSL read failed: OpenSSL error 1:
error:00000001:lib(0):func(0):reason(1)

It is related to the fact the web site drop TLS1 and TLS1.1 and is using
only TLS 1.2 and up. Does someone got similar issue and how to resolve or
patch it ?

Thanks in advance for your help