[Users] openser TLS error problem - sr-users

5 Oct 2006


      Hi,
I noticed that the SSL dump you ran dispays RSA 1024, while, 
openSER-1.1.0-tls uses 2048 and was wondering if one was to change openser 
RSA to 1024 what type of effect would this have on the question at hand (UA 
trying to register...)?
Noted below is the gen_rootCA.sh script with a RSA of 2048 for OpenSER:
gen_rootCA.sh:( cd $CA_PATH; openssl req -config ../$CA_CONF -x509 -newkey 
rsa:2048 -days 365 -out ./cacert.pem -outform PEM )
I am experimenting with TLS and am very new to the TLS 
functionality/performance/security protocol and would like to know if the 
descrepancy in RSA 1024 and 2048 matters? I apologize that I could not offer 
assistance but just another question.
Tracy
-----------------------------------------------------
Message: 1
Date: Thu, 05 Oct 2006 17:21:21 +0800
From: Lindsey Hans Joseph Lao llao@infoweapons.com
Subject: [Users] openser TLS error problem
To: Users@openser.org
Message-ID: 4524CE91.2050500@infoweapons.com
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hello,
I have an Openser server with TLS support running ok. However, when a UA
client tries to register with it, it gives off this error:
7(63031) tls_accept: Error in SSL:
7(63031) tls_error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number
I ran SSLDUMP and got these logs:
8 1  2.4157 (2.4157)  C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
  TLS_RSA_WITH_RC4_128_MD5
  TLS_RSA_WITH_RC4_128_SHA
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  SSL2_CK_RC4
  SSL2_CK_3DES
  SSL2_CK_RC2
  TLS_RSA_WITH_DES_CBC_SHA
  SSL2_CK_DES
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
  SSL2_CK_RC4_EXPORT40
  SSL2_CK_RC2_EXPORT40
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  TLS_DHE_DSS_WITH_DES_CBC_SHA
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
8    2.4163 (0.0005)  S>C  TCP FIN
8    2.4165 (0.0002)  C>S  TCP FIN
Any idea of what might the problem be? Help would be greatly appreciated.
Thanks!
----------------------------
_________________________________________________________________
SearchYour way, your world, right now!  
http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&FORM...