Hi Klaus,
this are the ssldump results:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
New TCP connection #1: 192.168.0.222(1619) <-> 192.168.0.89(5061)
1 1 0.2578 (0.2578) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
compression methods
NULL
1 0.4212 (0.1633) S>C TCP FIN
1 0.4225 (0.0013) C>S TCP FIN
Seems like snom doesn't offer compression methods...
regards
Andreas
-----Ursprüngliche Nachricht-----
Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
Gesendet: Freitag, 22. Januar 2010 16:07
An: Andreas Rehbein
Cc: sr-users(a)lists.sip-router.org
Betreff: Re: AW: AW: AW: AW: [SR-Users] TLS problems
I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do
not have any crashes (openssl 0.9.8g-15+lenny6).
Andreas, when does the crash happen exactly: during TLS handshake or
afterwards (you can for example use "ssldump port 5061" to debug the TLS
connection)?
regards
klaus
Andreas Rehbein schrieb:
Hi Klaus,
until now (OpenSER 1.3.x without client verification) it was not necessary
to import certs into snom.
To force the snom to send Messages via tls, you need to insert something
like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but
I'm
sure you already knew)
regards
Andreas
-----Ursprüngliche Nachricht-----
Von: Klaus Darilion [mailto:klaus.mailinglists@pernau.at]
Gesendet: Freitag, 22. Januar 2010 13:17
An: Andreas Rehbein
Cc: sr-users(a)lists.sip-router.org
Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
Andreas Rehbein schrieb:
Hello Klaus,
Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5
OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Hi Andreas!
I fail to configure SNOM to accept the certificate. I imported the CA
cert as trusted certificates, but TLS handshake is not successful. Is
there something else I need to take care of?
I'm quite sure my certificates are OK as it works with eyebeam and
QjSimple.
regards
Klaus