Hello, how do I tell Kamailio that it should use a session_id for TLS? See the ssldump output below. I reckon that this is the reason the client I use ends with "handshake_failure", because when I use opensips, there is the session_id, and it's working.
Kristijan
2 1  0.0228 (0.0228)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_NULL_MD5
        TLS_RSA_WITH_NULL_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_DH_anon_WITH_RC4_128_MD5
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
        TLS_DH_anon_WITH_DES_CBC_SHA
        compression methods
                  NULL
1    0.0519 (0.0519)  C>S  TCP FIN
2 2  0.0432 (0.0204)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[0]=

        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
        compressionMethod                   NULL
2 3  0.0432 (0.0000)  S>C  Handshake
      Certificate
2 4  0.0432 (0.0000)  S>C  Handshake
      ServerHelloDone
2 5  0.0452 (0.0020)  C>S  Alert
    level           fatal
    value           handshake_failure
1    0.0744 (0.0225)  S>C  TCP FIN
2    0.0681 (0.0228)  S>C  TCP FIN
Hello,
On 3/11/12 1:28 AM, Kristijan Vrban wrote:
> Hello, how do I tell Kamailio that it should use a session_id for TLS? See the ssldump output below. I reckon that this is the reason the client I use ends with "handshake_failure", because when I use opensips, there is the session_id, and it's working.
> Kristijan
> 2 1  0.0228 (0.0228)  C>S  Handshake
>       ClientHello
>         Version 3.1
>         cipher suites
>         TLS_RSA_WITH_RC4_128_MD5
>         TLS_RSA_WITH_RC4_128_SHA
>         TLS_RSA_WITH_NULL_MD5
>         TLS_RSA_WITH_NULL_SHA
>         TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
>         TLS_DH_anon_WITH_RC4_128_MD5
>         TLS_RSA_WITH_DES_CBC_SHA
>         TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>         TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>         TLS_DH_anon_WITH_DES_CBC_SHA
>         compression methods
>                   NULL
> 1    0.0519 (0.0519)  C>S  TCP FIN
> 2 2  0.0432 (0.0204)  S>C  Handshake
>       ServerHello
>         Version 3.1
>         session_id[0]=
>
>         cipherSuite         TLS_RSA_WITH_RC4_128_MD5
>         compressionMethod                   NULL
> 2 3  0.0432 (0.0000)  S>C  Handshake
>       Certificate
> 2 4  0.0432 (0.0000)  S>C  Handshake
>       ServerHelloDone
> 2 5  0.0452 (0.0020)  C>S  Alert
>     level           fatal
>     value           handshake_failure
> 1    0.0744 (0.0225)  S>C  TCP FIN
> 2    0.0681 (0.0228)  S>C  TCP FIN
The tls module now has the option to turn on/off session caching, which was on by default in openser 1.x. Now it is off as it does not bring much benefit with our multi-process architecture. Try to add to your config:
modparam("tls", "session_cache", 1)
Let me know if it works -- the module parameter is missing from the readme, perhaps the author forgot to add it at the time of development -- I will try to sync the sources and the readme for the tls module asap.
Cheers, Daniel
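
To check whether a setting such as `session_cache` changes what the server sends, the ServerHello session_id length, the chosen suite and the alert sender can be read out of an ssldump capture. The Python below is an added example, not part of the original thread or of Kamailio; `summarize` and the embedded trace are constructed for illustration, and the parser assumes ssldump's default text layout.

```python
import re

# Constructed sample in ssldump's text layout, modelled on the trace in this thread.
SAMPLE = """\
2 1  0.0228 (0.0228)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        compression methods
                  NULL
2 2  0.0432 (0.0204)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[0]=

        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
        compressionMethod                   NULL
2 5  0.0452 (0.0020)  C>S  Alert
    level           fatal
    value           handshake_failure
"""

# Record header: connection number, record number, timestamps, direction, type.
RECORD = re.compile(r"^(\d+) (\d+)\s+[\d.]+ \([\d.]+\)\s+(C>S|S>C)\s+(\w+)")

def summarize(dump):
    """Per connection: offered suites, ServerHello session_id length, chosen suite, alerts."""
    conns, cur, msg, sender = {}, None, None, None
    for line in dump.splitlines():
        text, m = line.strip(), RECORD.match(line)
        if m:
            cur = conns.setdefault(int(m.group(1)), {
                "offered": [], "session_id_len": None, "chosen": None, "alerts": []})
            sender, msg = m.group(3), m.group(4)
        elif cur is None or not text:
            continue
        elif text in ("ClientHello", "ServerHello"):
            msg = text
        elif msg == "ClientHello" and re.fullmatch(r"(TLS|SSL)_\w+", text):
            cur["offered"].append(text)
        elif msg == "ServerHello" and text.startswith("session_id["):
            cur["session_id_len"] = int(text[11:text.index("]")])
        elif msg == "ServerHello" and text.startswith("cipherSuite"):
            cur["chosen"] = text.split()[1]
        elif msg == "Alert" and text.startswith("value"):
            cur["alerts"].append((sender, text.split()[1]))
    return conns
```

Running `summarize` on a capture taken before and after the config change shows whether `session_id_len` moved from 0 and whether the client still sends the fatal alert.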