[Users] RE: TLS Cipher error?

Tóth Péter ptoth at lanex.hu
Fri Feb 17 11:04:13 CET 2006


Helo!

The connection failed between openser and avaya, as you can see in sshdump, because the first handshake does not succeed. The reason of the failure, i think in the cipher, sent by avaya: 
TLS_DHE_RSA_WITH_DES_CBC_SHA
After this package send a FIN, and close the connection!
This is just 1 cipher, but in openssl must be send a dozen of ciphers, or not? Openser can not choose from one... I tried with an another openssl connection to an other machine (with s_client),and the connection was successfully, and in the cipherlist there is the upon one! 

I don't know, how to delete or add ciphers to the cipherlist, may this would help me a lot! 

Thanks: Peter
-----Original Message-----
From: Klaus Darilion [mailto:klaus.mailinglists at pernau.at] 
Sent: 2006. február 17. 10:37
To: Tóth Péter
Cc: users at openser.org
Subject: Re: [Users] TLS Cipher error?

Does openser connect to avaya or vice versa?
Watch the syslog output of openser. The tls stack of opneser will log to 
syslog why the connection failed.
regards
klaus

Tóth Péter wrote:
> Helo!
> 
>  
> 
> Thans a lot for last help, I started succesfully the openser 1.0.0.0 tls 
> version, but I can not connent to an avaya pbx. The ssldump's result is 
> the following:
> 
>  
> 
> New TCP connection #1: avaya_IP(14463) <-> debianom(5061)
> 
> 1 1  0.0060 (0.0060)  C>S  Handshake
> 
>       ClientHello
> 
>         Version 3.1
> 
>         cipher suites
> 
>         TLS_DHE_RSA_WITH_DES_CBC_SHA
> 
>         compression methods
> 
>                   NULL
> 
> 1 2  0.0572 (0.0512)  S>C  Alert
> 
>     level           fatal
> 
>     value           handshake_failure
> 
> 1    0.0603 (0.0030)  C>S  TCP FIN
> 
> 1    0.0682 (0.0079)  S>C  TCP FIN
> 
>  
> 
> I do not know what is the following step. Openssl and libssl (0.9.7) are 
> installed, what should I do? I have to Edit the config-file?
> 
> I don't find these ciphers... Pls help!
> 
>  
> 
> Thanx:
> 
>  
> 
> Tóth Péter
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users







More information about the sr-users mailing list