RE: TLS 1.2 support in kannel

2018-11-08 Thread info.ubichip 
Many thanks Alexander.

 

In any chance do you have any kannel.conf example using this ? specially  
ssl-client-cipher-list and ssl-trusted-ca-file?

 

thanks

 

De : Alexander Malysh [mailto:malys...@gmail.com] De la part de 
amal...@kannel.org
Envoyé : jeudi 8 novembre 2018 11:13
À : info.ubichip
Cc : Web Min; users
Objet : Re: TLS 1.2 support in kannel

 

Hi,

 

please check userguide:

https://kannel.org/download/kannel-userguide-snapshot/userguide.html#AEN482

 

Special:


ssl-client-certkey-file (c)

filename

A PEM encoded SSL certificate and private key file to be used with SSL client 
connections. This certificate is used for the HTTPS client side only, i.e. for 
SMS service requests to SSL-enabled HTTP servers.


ssl-server-cert-file (c)

filename

A PEM encoded SSL certificate file to be used with SSL server connections. This 
certificate is used for the HTTPS server side only, i.e. for the administration 
HTTP server and the HTTP interface to send SMS messages.


ssl-server-key-file (c)

filename

A PEM encoded SSL private key file to be used with SSL server connections. This 
key is associated to the specified certificate and is used for the HTTPS server 
side only.


ssl-trusted-ca-file

filename

This file contains the certificates Kannel is willing to trust when working as 
a HTTPS client. If this option is not set, certificates are not validated and 
those the identity of the server is not proven.


ssl-client-cipher-list

filename

Defines the list of encryption suites and ciphers to be used for client side 
connections. For further details please see 
https://www.openssl.org/docs/manmaster/man1/ciphers.html


ssl-server-cipher-list

filename

Defines the list of encryption suites and ciphers to be used for server side 
connections. For further details please see 
https://www.openssl.org/docs/manmaster/man1/ciphers.html

 

Thanks,

Alex

 





Am 03.11.2018 um 17:25 schrieb info.ubichip :

 

Dear Alexander,

 

may you please help me to find any information about your added feature on 
SSL/TLS, specially how to efine which SSL/TLS chiper suites to use ?

 

Thanks a lot for you answer

 

De : users [  mailto:users-boun...@kannel.org] 
De la part de info.ubichip
Envoyé : samedi 3 novembre 2018 17:14
À : 'Web Min'
Cc :   users@kannel.org
Objet : RE: TLS 1.2 support in kannel

 

the email was gone too fast :

 

do you have any experience with the following added feature of the 1.4.5 
specially the one in red (le last one) ?

 

* Added OpenSSL 1.1.x support.

  

  * Added support for chained certificate files.

  

  * Added support to define which SSL/TLS chipher suites to use.

 

De : info.ubichip [  mailto:info.ubic...@free.fr] 
Envoyé : samedi 3 novembre 2018 17:12
À : 'Web Min'
Cc : '  users@kannel.org'
Objet : RE: TLS 1.2 support in kannel

 

thanks,

 

it working with 

./configure --enable-start-stop-daemon --with-mysql --enable-ssl 

 

but not with :

 

./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl

Configuring OpenSSL support ...
configure: error: Unable to find OpenSSL libs and/or directories at yes

 

Do you ha

 

 

De : Web Min [mailto:meweb...@gmail.com] 
Envoyé : samedi 3 novembre 2018 09:05
À : info.ubic...@free.fr
Cc : users@kannel.org
Objet : Re: TLS 1.2 support in kannel

 

Hello,

 

In order to start with Ubuntu make sure the following packages are installed:

 

apt-get install libmysqlclient-dev libmysqld-dev libxml2 libxml2-dev bison 
byacc libssh-dev libssl-dev

 

Best Regards,

 

On Sat, Nov 3, 2018 at 1:51 AM info.ubichip <  
info.ubic...@free.fr> wrote:

hello,

I tried to reinstall a full clean machine with ubuntu 18.04 and last openssl
1.1.0g (nov 2017)
and when I tried 
./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl
I got error :
Configuring OpenSSL support ...
configure: error: Unable to find OpenSSL libs and/or directories at yes

Does anyone got this error ?

thanks in advance


-Message d'origine-
De : users [mailto:  users-boun...@kannel.org] 
De la part de info.ubichip
Envoyé : vendredi 2 novembre 2018 16:41
À :   users@kannel.org
Objet : RE: TLS 1.2 support in kannel

Hello,

some update, I forgot to mention, I'm using kannel 1.4.5, and it has been
seen the following errors as well in smsbox log :

:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Does anyone have seen this issue so far ?

thanks in advance for your help

-Message d'origine-
De : users [mailto:  users-boun...@kannel.org] 
De la part de info.ubichip
Envoyé : vendredi 2 novembre 2018 09:42
À :   users@kannel.org
Objet : TLS 1.2 support in kannel
Importance : Haute

Hello,

I have similar issue with SSL and kannel, in

Re: TLS 1.2 support in kannel

2018-11-08 Thread amalysh 
Hi,

please check userguide:
https://kannel.org/download/kannel-userguide-snapshot/userguide.html#AEN482 


Special:
ssl-client-certkey-file (c) filenameA PEM encoded SSL certificate 
and private key file to be used with SSL client connections. This certificate 
is used for the HTTPS client side only, i.e. for SMS service requests to 
SSL-enabled HTTP servers.
ssl-server-cert-file (c)filenameA PEM encoded SSL certificate 
file to be used with SSL server connections. This certificate is used for the 
HTTPS server side only, i.e. for the administration HTTP server and the HTTP 
interface to send SMS messages.
ssl-server-key-file (c) filenameA PEM encoded SSL private key file to 
be used with SSL server connections. This key is associated to the specified 
certificate and is used for the HTTPS server side only.
ssl-trusted-ca-file filenameThis file contains the certificates 
Kannel is willing to trust when working as a HTTPS client. If this option is 
not set, certificates are not validated and those the identity of the server is 
not proven.
ssl-client-cipher-list  filenameDefines the list of encryption suites 
and ciphers to be used for client side connections. For further details please 
see https://www.openssl.org/docs/manmaster/man1/ciphers.html
ssl-server-cipher-list  filenameDefines the list of encryption suites 
and ciphers to be used for server side connections. For further details please 
see https://www.openssl.org/docs/manmaster/man1/ciphers.html

Thanks,
Alex


> Am 03.11.2018 um 17:25 schrieb info.ubichip :
> 
> Dear Alexander,
>  
> may you please help me to find any information about your added feature on 
> SSL/TLS, specially how to efine which SSL/TLS chiper suites to use ?
>  
> Thanks a lot for you answer
>  
> De : users [mailto:users-boun...@kannel.org 
> ] De la part de info.ubichip
> Envoyé : samedi 3 novembre 2018 17:14
> À : 'Web Min'
> Cc : users@kannel.org 
> Objet : RE: TLS 1.2 support in kannel
>  
> the email was gone too fast :
>  
> do you have any experience with the following added feature of the 1.4.5 
> specially the one in red (le last one) ?
>  
> * Added OpenSSL 1.1.x support.
>   
>   * Added support for chained certificate files.
>   
>   * Added support to define which SSL/TLS chipher suites to use.
>  
> De : info.ubichip [mailto:info.ubic...@free.fr ] 
> Envoyé : samedi 3 novembre 2018 17:12
> À : 'Web Min'
> Cc : 'users@kannel.org '
> Objet : RE: TLS 1.2 support in kannel
>  
> thanks,
>  
> it working with 
> ./configure --enable-start-stop-daemon --with-mysql --enable-ssl 
>  
> but not with :
>  
> ./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl
> Configuring OpenSSL support ...
> configure: error: Unable to find OpenSSL libs and/or directories at yes
> 
>  
> Do you ha
>  
>  
> De : Web Min [mailto:meweb...@gmail.com] 
> Envoyé : samedi 3 novembre 2018 09:05
> À : info.ubic...@free.fr
> Cc : users@kannel.org
> Objet : Re: TLS 1.2 support in kannel
>  
> Hello,
>  
> In order to start with Ubuntu make sure the following packages are installed:
>  
> apt-get install libmysqlclient-dev libmysqld-dev libxml2 libxml2-dev bison 
> byacc libssh-dev libssl-dev
>  
> Best Regards,
>  
> On Sat, Nov 3, 2018 at 1:51 AM info.ubichip  > wrote:
>> hello,
>> 
>> I tried to reinstall a full clean machine with ubuntu 18.04 and last openssl
>> 1.1.0g (nov 2017)
>> and when I tried 
>> ./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl
>> I got error :
>> Configuring OpenSSL support ...
>> configure: error: Unable to find OpenSSL libs and/or directories at yes
>> 
>> Does anyone got this error ?
>> 
>> thanks in advance
>> 
>> 
>> -Message d'origine-
>> De : users [mailto:users-boun...@kannel.org 
>> ] De la part de info.ubichip
>> Envoyé : vendredi 2 novembre 2018 16:41
>> À : users@kannel.org 
>> Objet : RE: TLS 1.2 support in kannel
>> 
>> Hello,
>> 
>> some update, I forgot to mention, I'm using kannel 1.4.5, and it has been
>> seen the following errors as well in smsbox log :
>> 
>> :SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
>> 
>> Does anyone have seen this issue so far ?
>> 
>> thanks in advance for your help
>> 
>> -Message d'origine-
>> De : users [mailto:users-boun...@kannel.org 
>> ] De la part de info.ubichip
>> Envoyé : vendredi 2 novembre 2018 09:42
>> À : users@kannel.org 
>> Objet : TLS 1.2 support in kannel
>> Importance : Haute
>> 
>> Hello,
>> 
>> I have similar issue with SSL and kannel, in SMSBOX it appears the following
>> errors :
>> 
>> 2018-10-01 21:11:12 [3345] [8]