[Serusers] SER with TLS

Katty Xiong cyyxiong at yahoo.com
Tue Apr 3 21:48:29 CEST 2007 


No, I didn't see anything related with SER in syslog.
But after I start SER, there is something strange on
the screen:

TLS<default>:cipher_list='

It shows only a single quote. This line seems to me
that the cipher list is not set up.

I am using the SER2.0.0+cvs20070315.

Joy

--- Jan Janak <jan at iptel.org> wrote:

> Is there anything in syslog?
> 
>   Jan.
> 
> Katty Xiong wrote:
> > 
> > Yes. I configured SER to listen on tls using
> > listen parameter.
> > 
> > listen=tls:199.199.2.50:5061
> > 
> > Actually from the system I can see TCP connection
> for
> > this tls is established. But somehow the tls
> process
> > does not responde to the ClientHello message.
> > 
> > thanks,
> > Joy
> > 
> > 
> > --- Jan Janak <jan at iptel.org> wrote:
> > 
> >> Katty Xiong wrote:
> >>> I am using SER ottendorf with TLS protocol and
> >> have
> >>> the following issues. Does anybody experience
> >> similar
> >>> problems? 
> >>>
> >>> SER cannot run with the following setup in the
> >>> configuration file: (I follow this link to setup
> >> key
> >>> and certificate:
> >>>
> >
>
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/tls/README?rev=1.1&content-type=text/plain)
> >>> modparam("tls", "private_key", "cakey.pem")
> >>> modparam("tls", "certificate", "cacert.pem")
> >>> modparam("tls", "ca_list", "calist.pem") 
> >>> modparam("tls", "cipher_list", "HIGH");
> >>   You don't need that option unless you want to
> >> restrict thee
> >>   list of ciphers that are available. openssl
> uses
> >> all available
> >>   ciphers by default.
> >>
> >>> With the last line commented out:
> >>> #modparam("tls", "cipher_list", "HIGH");
> >>> SER can start, but the tls connection cannot be
> >>> established. Network trace shows SER does not
> >> responde
> >>> to ClientHello sent by client.
> >>   A couple of quick questions:
> >>
> >>   - Have you configured SER to listen on tls
> using
> >> listen parameter?
> >>   - Are you connecting to the right port (i.e.
> 5061
> >> and not 5060) ?
> >>
> >>     Jan.
> >>
> > 
> > 
> > 
> >  
> >
>
____________________________________________________________________________________
> > Finding fabulous fares is fun.  
> > Let Yahoo! FareChase search your favorite travel
> sites to find flight and hotel bargains.
> > http://farechase.yahoo.com/promo-generic-14795097
> > 
> 
> 



 
____________________________________________________________________________________
Don't pick lemons.
See all the new 2007 cars at Yahoo! Autos.
http://autos.yahoo.com/new_cars.html

More information about the sr-users mailing list