is there any way to know (or set) the ciphers list to be used by jitsi
when connecting over tls?
The list of ciphers is not (yet?) configurable. The active ciphers are
These are set by the JAIN-SIP stack and there is a reference to RFC3261,
I'm not sure if Jitsi is supposed to change them. I'll investigate that.
I have to correct myself: The above list is only for Jitsi's Server-Sockets,
e.g. when a registrarless SIP account is using TLS. The list of ciphers
being used for client sockets really is Java's default:
RFC3261 mandates the availability of TLS_RSA_WITH_AES_128_CBC_SHA on SIP
servers, which is among the above list. Therefore I currently don't see the
point of modifying the list of supported ciphers from within Jitsi.
If you have a cipher-suite mismatch, you should probably take a second look
at the configuration of your server and make sure that at least
TLS_RSA_WITH_AES_128_CBC_SHA is available.
I get the no shared cipher error when connection to a server built with
latest libssl 1.0.0g:
SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Also, if I try to require tlsv1 (on server side), the connection fails,
any way to configure the ssl protocol version in jitsi?
This is possible since nightly-build 3912: Tools -> Options -> Advanced ->
SIP -> Enabled SSL/TLS Protocols.
Possible options to enter there are SSLv3, TLSv1 and SSLv2Hello. Multiple
options can be specified by separating them with a comma. By default, the
default protocols of the JavaVM are used (all three for Java < 1.7 and
SSLv3, TLSv1 for Java >= 1.7).
I simplified the UI to select the protocols, you can now just tick some
checkboxes (on the same configuration page).