<div>Thanks Steffen. Is there any freely available tls client which can be used to check this settings and the handshake? That will be really helpful..</div>
<div> </div>
<div>Best regards,</div>
<div>NCheeku<br><br> </div>
<div><span class="gmail_quote">On 12/28/06, <b class="gmail_sendername">Steffen Witt</b> <<a href="mailto:witt.steffen@googlemail.com">witt.steffen@googlemail.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hello Ncheeku,<br><br>change to the directory with your ".pem" files: /usr/local/etc/openser/tls/user
<br><br><br>Then you can test your TLS handshake with the following command:<br><br>openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061<br><br>Openssl simulates a TLS server with your certificate/private key files
<br>and it accepts only requests at port 5061.<br><br><br>Best regards,<br>Steffen<br><br><br><br>2006/12/28, Ncheeku Baranov <<a href="mailto:opensersubscribe@gmail.com">opensersubscribe@gmail.com</a>>:<br>> Thanks a lot Steffen. Adding the new listen = udp:
<a href="http://10.30.100.41:5060">10.30.100.41:5060</a> indeed<br>> worked. How can I check the TLS handshake using openssl at the server?<br>> Thanks a lot..<br>><br>><br>><br>> On 12/28/06, Steffen Witt <
<a href="mailto:witt.steffen@googlemail.com">witt.steffen@googlemail.com</a>> wrote:<br>> > Hello again,<br>> ><br>> > maybe you should add the following line to test your non-TLS UAs:<br>> ><br>
> > disable_tls = 0<br>> > listen = udp:<a href="http://10.30.100.41:5060">10.30.100.41:5060</a> <---<br>> > listen = tls:<a href="http://10.30.100.41:5061">10.30.100.41:5061</a><br>> ><br>> >
<br>> > You can check your TLS handshake by simulating your server with openssl.<br>> ><br>> ><br>> > Please have a look at the following link that describes the TLS support:<br>> ><br>> >
<a href="http://www.openser.org/docs/tls.html">http://www.openser.org/docs/tls.html</a><br>> ><br>> ><br>> > Best regards,<br>> > Steffen<br>> ><br>> ><br>> ><br>> ><br>> > 2006/12/28, Ncheeku Baranov <
<a href="mailto:opensersubscribe@gmail.com">opensersubscribe@gmail.com</a>>:<br>> > > Hi,<br>> > ><br>> > > I am trying to make my non-TLS/TLS UA register with my TLS enabled<br>> openSER.
<br>> > > Currently I am just working on my local machine with the client UAs on<br>> the<br>> > > same subnet,(so there is only one domain, but its not named). Below is<br>> my<br>> > > configuration file:
<br>> > ><br>> > > disable_tls = 0<br>> > > listen = tls:<a href="http://10.30.100.41:5061">10.30.100.41:5061</a><br>> > > tls_verify_server = 1<br>> > > tls_verify_client = 0<br>
> > > tls_require_client_certificate = 0<br>> > > tls_method = TLSv1<br>> > > tls_certificate =<br>> "/usr/local/etc/openser/tls/user/user-<br>> > > cert.pem"<br>> > > tls_private_key =
<br>> "/usr/local/etc/openser/tls/user/user-<br>> > > privkey.pem"<br>> > > tls_ca_list =<br>> > > "usr/local/etc/openser/tls/user/user-calist.pem"<br>> > ><br>> > > However, with the above configuration the client UAs couldnot register
<br>> and I<br>> > > got 408 Request Time out Message. Is there any field that is missing to<br>> make<br>> > > this simple scenario work? What should be the values of<br>> "tls_client_domain"
<br>> > > and "tls_server_domain" fields in this case?<br>> > ><br>> > > I noticed that when I start the openSER without TLS support using<br>> > > "openserctl start" and do "ps -e" after that, there are more openSER
<br>> > > processes running than if I start openSER with TLS support in which case<br>> I<br>> > > see very few of these processes running.<br>> > ><br>> > > Your help is much appreciated....
<br>> > ><br>> > > Best regards,<br>> > > NCheeku<br>> > ><br>> > > _______________________________________________<br>> > > Users mailing list<br>> > > <a href="mailto:Users@openser.org">
Users@openser.org</a><br>> > > <a href="http://openser.org/cgi-bin/mailman/listinfo/users">http://openser.org/cgi-bin/mailman/listinfo/users</a><br>> > ><br>> > ><br>> > ><br>> ><br>
><br>><br></blockquote></div><br>