Hi, please check userguide: https://kannel.org/download/kannel-userguide-snapshot/userguide.html#AEN482 <https://kannel.org/download/kannel-userguide-snapshot/userguide.html#AEN482>
Special: ssl-client-certkey-file (c) filename A PEM encoded SSL certificate and private key file to be used with SSL client connections. This certificate is used for the HTTPS client side only, i.e. for SMS service requests to SSL-enabled HTTP servers. ssl-server-cert-file (c) filename A PEM encoded SSL certificate file to be used with SSL server connections. This certificate is used for the HTTPS server side only, i.e. for the administration HTTP server and the HTTP interface to send SMS messages. ssl-server-key-file (c) filename A PEM encoded SSL private key file to be used with SSL server connections. This key is associated to the specified certificate and is used for the HTTPS server side only. ssl-trusted-ca-file filename This file contains the certificates Kannel is willing to trust when working as a HTTPS client. If this option is not set, certificates are not validated and those the identity of the server is not proven. ssl-client-cipher-list filename Defines the list of encryption suites and ciphers to be used for client side connections. For further details please see https://www.openssl.org/docs/manmaster/man1/ciphers.html ssl-server-cipher-list filename Defines the list of encryption suites and ciphers to be used for server side connections. For further details please see https://www.openssl.org/docs/manmaster/man1/ciphers.html Thanks, Alex > Am 03.11.2018 um 17:25 schrieb info.ubichip <info.ubic...@free.fr>: > > Dear Alexander, > > may you please help me to find any information about your added feature on > SSL/TLS, specially how to efine which SSL/TLS chiper suites to use ? > > Thanks a lot for you answer > > De : users [mailto:users-boun...@kannel.org > <mailto:users-boun...@kannel.org>] De la part de info.ubichip > Envoyé : samedi 3 novembre 2018 17:14 > À : 'Web Min' > Cc : users@kannel.org <mailto:users@kannel.org> > Objet : RE: TLS 1.2 support in kannel > > the email was gone too fast : > > do you have any experience with the following added feature of the 1.4.5 > specially the one in red (le last one) ? > > * Added OpenSSL 1.1.x support. > > * Added support for chained certificate files. > > * Added support to define which SSL/TLS chipher suites to use. > > De : info.ubichip [mailto:info.ubic...@free.fr <mailto:info.ubic...@free.fr>] > Envoyé : samedi 3 novembre 2018 17:12 > À : 'Web Min' > Cc : 'users@kannel.org <mailto:users@kannel.org>' > Objet : RE: TLS 1.2 support in kannel > > thanks, > > it working with > ./configure --enable-start-stop-daemon --with-mysql --enable-ssl > > but not with : > > ./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl > Configuring OpenSSL support ... > configure: error: Unable to find OpenSSL libs and/or directories at yes > > > Do you ha > > > De : Web Min [mailto:meweb...@gmail.com] > Envoyé : samedi 3 novembre 2018 09:05 > À : info.ubic...@free.fr > Cc : users@kannel.org > Objet : Re: TLS 1.2 support in kannel > > Hello, > > In order to start with Ubuntu make sure the following packages are installed: > > apt-get install libmysqlclient-dev libmysqld-dev libxml2 libxml2-dev bison > byacc libssh-dev libssl-dev > > Best Regards, > > On Sat, Nov 3, 2018 at 1:51 AM info.ubichip <info.ubic...@free.fr > <mailto:info.ubic...@free.fr>> wrote: >> hello, >> >> I tried to reinstall a full clean machine with ubuntu 18.04 and last openssl >> 1.1.0g (nov 2017) >> and when I tried >> ./configure --enable-start-stop-daemon --with-mysql --enable-ssl --with-ssl >> I got error : >> Configuring OpenSSL support ... >> configure: error: Unable to find OpenSSL libs and/or directories at yes >> >> Does anyone got this error ? >> >> thanks in advance >> >> >> -----Message d'origine----- >> De : users [mailto:users-boun...@kannel.org >> <mailto:users-boun...@kannel.org>] De la part de info.ubichip >> Envoyé : vendredi 2 novembre 2018 16:41 >> À : users@kannel.org <mailto:users@kannel.org> >> Objet : RE: TLS 1.2 support in kannel >> >> Hello, >> >> some update, I forgot to mention, I'm using kannel 1.4.5, and it has been >> seen the following errors as well in smsbox log : >> >> :SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure >> >> Does anyone have seen this issue so far ? >> >> thanks in advance for your help >> >> -----Message d'origine----- >> De : users [mailto:users-boun...@kannel.org >> <mailto:users-boun...@kannel.org>] De la part de info.ubichip >> Envoyé : vendredi 2 novembre 2018 09:42 >> À : users@kannel.org <mailto:users@kannel.org> >> Objet : TLS 1.2 support in kannel >> Importance : Haute >> >> Hello, >> >> I have similar issue with SSL and kannel, in SMSBOX it appears the following >> errors : >> >> 2018-10-01 21:11:12 [3345] [8] ERROR: Couldn't fetch >> <https://www.joe.com/input.php?from=%2B712341234 >> <https://www.joe.com/input.php?from=%2B712341234>> >> 2018-10-01 21:11:32 [3345] [8] ERROR: SSL write failed: OpenSSL error 1: >> error:00000001:lib(0):func(0):reason(1) >> 2018-10-01 21:11:32 [3345] [8] ERROR: SSL write failed: OpenSSL error 1: >> error:00000001:lib(0):func(0):reason(1) >> 2018-10-01 21:11:32 [3345] [8] ERROR: SSL read failed: OpenSSL error 1: >> error:00000001:lib(0):func(0):reason(1) >> >> It is related to the fact the web site drop TLS1 and TLS1.1 and is using >> only TLS 1.2 and up. Does someone got similar issue and how to resolve or >> patch it ? >> >> Thanks in advance for your help >> >> >> >>
