[SR-Users] TLS problems

Andreas Rehbein rehbein at e-technik.org
Mon Jan 25 07:38:44 CET 2010


Hi Klaus,

this are the ssldump results:

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
New TCP connection #1: 192.168.0.222(1619) <-> 192.168.0.89(5061)
1 1  0.2578 (0.2578)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_NULL_MD5
        TLS_RSA_WITH_NULL_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_DH_anon_WITH_RC4_128_MD5
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
        TLS_DH_anon_WITH_DES_CBC_SHA
        compression methods
                  NULL
1    0.4212 (0.1633)  S>C  TCP FIN
1    0.4225 (0.0013)  C>S  TCP FIN
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Seems like snom doesn't offer compression methods...

regards 
Andreas



-----Ursprüngliche Nachricht-----
Von: Klaus Darilion [mailto:klaus.mailinglists at pernau.at] 
Gesendet: Freitag, 22. Januar 2010 16:07
An: Andreas Rehbein
Cc: sr-users at lists.sip-router.org
Betreff: Re: AW: AW: AW: AW: [SR-Users] TLS problems

I managed to have SNOM 320 registering at kamailio-3.0 via TLS. But I do 
not have any crashes (openssl 0.9.8g-15+lenny6).

Andreas, when does the crash happen exactly: during TLS handshake or 
afterwards (you can for example use "ssldump port 5061" to debug the TLS 
connection)?

regards
klaus

Andreas Rehbein schrieb:
> Hi Klaus,
> 
> until now (OpenSER 1.3.x without client verification) it was not necessary
> to import certs into snom. 
> To force the snom to send Messages via tls, you need to insert something
> like "192.168.0.89:5061;transport=tls" in the outbound proxy field (but
I'm
> sure you already knew)
> 
> regards
> Andreas
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: Klaus Darilion [mailto:klaus.mailinglists at pernau.at] 
> Gesendet: Freitag, 22. Januar 2010 13:17
> An: Andreas Rehbein
> Cc: sr-users at lists.sip-router.org
> Betreff: Re: AW: AW: AW: [SR-Users] TLS problems
> 
> 
> 
> Andreas Rehbein schrieb:
>> Hello Klaus,
>>
>> Linux: Red Hat Enterprise Linux 5; Kernel: 2.6.18-92.1.10.el5
>> OpenSSL: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> 
> Hi Andreas!
> 
> I fail to configure SNOM to accept the certificate. I imported the CA 
> cert as trusted certificates, but TLS handshake is not successful. Is 
> there something else I need to take care of?
> 
> I'm quite sure my certificates are OK as it works with eyebeam and
QjSimple.
> 
> regards
> Klaus
> 





More information about the sr-users mailing list