Thanks Klaus.<br><br>
<div><span class="gmail_quote">On 12/29/06, <b class="gmail_sendername">Klaus Darilion</b> <<a href="mailto:klaus.mailinglists@pernau.at">klaus.mailinglists@pernau.at</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">The only free TLS-capeable client is minisip.<br><br>Commercial phones with TLs support are eyebeam (IMO the best client
<br>available and IMO worth the 60$) and the SNOM hardphones.<br><br>MAybe the free snom softphone also supports TLS - but I do not know.<br><br>regards<br>klaus<br><br>On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
<br>> Thanks Steffen. Is there any freely available tls client which can be used<br>> to check this settings and the handshake? That will be really helpful..<br>><br>> Best regards,<br>> NCheeku<br>><br>
><br>> On 12/28/06, Steffen Witt <<a href="mailto:witt.steffen@googlemail.com">witt.steffen@googlemail.com</a>> wrote:<br>>><br>>> Hello Ncheeku,<br>>><br>>> change to the directory with your ".pem"
<br>>> files: /usr/local/etc/openser/tls/user<br>>><br>>><br>>> Then you can test your TLS handshake with the following command:<br>>><br>>> openssl s_server -cert user-cert.pem -key user-privkey.pem
-state<br>>> -accept<br>>> 5061<br>>><br>>> Openssl simulates a TLS server with your certificate/private key files<br>>> and it accepts only requests at port 5061.<br>>><br>>><br>
>> Best regards,<br>>> Steffen<br>>><br>>><br>>><br>>> 2006/12/28, Ncheeku Baranov <<a href="mailto:opensersubscribe@gmail.com">opensersubscribe@gmail.com</a>>:<br>>> > Thanks a lot Steffen. Adding the new listen =
<br>>> udp:10.30.100.41:5060indeed<br>>> > worked. How can I check the TLS handshake using openssl at the server?<br>>> > Thanks a lot..<br>>> ><br>>> ><br>>> ><br>>> > On 12/28/06, Steffen Witt <
<a href="mailto:witt.steffen@googlemail.com">witt.steffen@googlemail.com</a>> wrote:<br>>> > > Hello again,<br>>> > ><br>>> > > maybe you should add the following line to test your non-TLS UAs:
<br>>> > ><br>>> > > disable_tls = 0<br>>> > > listen = udp:<a href="http://10.30.100.41:5060">10.30.100.41:5060</a> <---<br>>> > > listen = tls:<a href="http://10.30.100.41:5061">
10.30.100.41:5061</a><br>>> > ><br>>> > ><br>>> > > You can check your TLS handshake by simulating your server with<br>>> openssl.<br>>> > ><br>>> > ><br>>> > > Please have a look at the following link that describes the TLS
<br>>> support:<br>>> > ><br>>> > > <a href="http://www.openser.org/docs/tls.html">http://www.openser.org/docs/tls.html</a><br>>> > ><br>>> > ><br>>> > > Best regards,
<br>>> > > Steffen<br>>> > ><br>>> > ><br>>> > ><br>>> > ><br>>> > > 2006/12/28, Ncheeku Baranov <<a href="mailto:opensersubscribe@gmail.com">opensersubscribe@gmail.com
</a>>:<br>>> > > > Hi,<br>>> > > ><br>>> > > > I am trying to make my non-TLS/TLS UA register with my TLS enabled<br>>> > openSER.<br>>> > > > Currently I am just working on my local machine with the client
<br>>> UAs<br>>> on<br>>> > the<br>>> > > > same subnet,(so there is only one domain, but its not named).<br>>> Below<br>>> is<br>>> > my<br>>> > > > configuration file:
<br>>> > > ><br>>> > > > disable_tls = 0<br>>> > > > listen = tls:<a href="http://10.30.100.41:5061">10.30.100.41:5061</a><br>>> > > > tls_verify_server = 1<br>>> > > > tls_verify_client = 0
<br>>> > > > tls_require_client_certificate = 0<br>>> > > > tls_method = TLSv1<br>>> > > > tls_certificate =<br>>> > "/usr/local/etc/openser/tls/user/user-<br>>> > > >
cert.pem"<br>>> > > > tls_private_key =<br>>> > "/usr/local/etc/openser/tls/user/user-<br>>> > > > privkey.pem"<br>>> > > > tls_ca_list =<br>>> > > > "usr/local/etc/openser/tls/user/user-
calist.pem"<br>>> > > ><br>>> > > > However, with the above configuration the client UAs couldnot<br>>> register<br>>> > and I<br>>> > > > got 408 Request Time out Message. Is there any field that is
<br>>> missing<br>>> to<br>>> > make<br>>> > > > this simple scenario work? What should be the values of<br>>> > "tls_client_domain"<br>>> > > > and "tls_server_domain" fields in this case?
<br>>> > > ><br>>> > > > I noticed that when I start the openSER without TLS support using<br>>> > > > "openserctl start" and do "ps -e" after that, there are more
<br>>> openSER<br>>> > > > processes running than if I start openSER with TLS support in<br>>> which<br>>> case<br>>> > I<br>>> > > > see very few of these processes running.
<br>>> > > ><br>>> > > > Your help is much appreciated....<br>>> > > ><br>>> > > > Best regards,<br>>> > > > NCheeku<br>>> > > ><br>
>> > > > _______________________________________________<br>>> > > > Users mailing list<br>>> > > > <a href="mailto:Users@openser.org">Users@openser.org</a><br>>> > > >
<a href="http://openser.org/cgi-bin/mailman/listinfo/users">http://openser.org/cgi-bin/mailman/listinfo/users</a><br>>> > > ><br>>> > > ><br>>> > > ><br>>> > ><br>>> >
<br>>> ><br>>><br>> _______________________________________________<br>> Users mailing list<br>> <a href="mailto:Users@openser.org">Users@openser.org</a><br>> <a href="http://openser.org/cgi-bin/mailman/listinfo/users">
http://openser.org/cgi-bin/mailman/listinfo/users</a><br>><br><br><br></blockquote></div><br>