[SR-Users] Enable session_id in ServerHello for TLS

Daniel-Constantin Mierla miconda at gmail.com
Mon Mar 12 10:15:10 CET 2012 

Hello,

thanks for reporting back it's working -- please keep the mailing list 
cc-ed, so people looking for same issue will be able to find it when 
searching the web archive.

I am using snom3xx with tls and kamailio 3.x a lot, never had issues, 
but I have no clue about the softphone.exe

Cheers,
Daniel

On 3/11/12 8:09 PM, Kristijan Vrban wrote:
> Hello Daniel,
>
> many thanks for the fast reply, And yes, the session_cache option
> solved my problem. Well... the device i used was the immemorial
> snom360 softphone.exe
> running with wine :) The softphone i use since years for TLS testing.
>
> Kristijan
>
> 2012/3/11 Daniel-Constantin Mierla<miconda at gmail.com>:
>> Hello,
>>
>>
>> On 3/11/12 1:28 AM, Kristijan Vrban wrote:
>>> Hello, how to tell that Kamailio should juse a session_id for tls ?
>>> See ssldump output below. I reckon that this is the reason the
>>> client i use end with "handshake_failure". Because when is use
>>> opensips, there is the session_id, and it's working.
>>>
>>> Kristijan
>>>
>>> 2 1  0.0228 (0.0228)  C>S  Handshake
>>>        ClientHello
>>>          Version 3.1
>>>          cipher suites
>>>          TLS_RSA_WITH_RC4_128_MD5
>>>          TLS_RSA_WITH_RC4_128_SHA
>>>          TLS_RSA_WITH_NULL_MD5
>>>          TLS_RSA_WITH_NULL_SHA
>>>          TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
>>>          TLS_DH_anon_WITH_RC4_128_MD5
>>>          TLS_RSA_WITH_DES_CBC_SHA
>>>          TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>>>          TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>>>          TLS_DH_anon_WITH_DES_CBC_SHA
>>>          compression methods
>>>                    NULL
>>> 1    0.0519 (0.0519)  C>S  TCP FIN
>>> 2 2  0.0432 (0.0204)  S>C  Handshake
>>>        ServerHello
>>>          Version 3.1
>>>          session_id[0]=
>>>
>>>          cipherSuite         TLS_RSA_WITH_RC4_128_MD5
>>>          compressionMethod                   NULL
>>> 2 3  0.0432 (0.0000)  S>C  Handshake
>>>        Certificate
>>> 2 4  0.0432 (0.0000)  S>C  Handshake
>>>        ServerHelloDone
>>> 2 5  0.0452 (0.0020)  C>S  Alert
>>>      level           fatal
>>>      value           handshake_failure
>>> 1    0.0744 (0.0225)  S>C  TCP FIN
>>> 2    0.0681 (0.0228)  S>C  TCP FIN
>> the tls module has now the option to turn on/off session caching, which was
>> on by default in openser 1.x. Now it is off as it does not make much
>> benefits with out multi-process architecture. Try to add to your config:
>>
>> modparam("tls", "session_cache", 1)
>>
>> Let me know if works -- the module parameter is missing from the readme,
>> perhaps the author forgot to add it at the time of development -- I will try
>> to sync the sources and the readme for tls module asap.
>>
>> Cheers,
>> Daniel
>>
>> --
>> Daniel-Constantin Mierla
>> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
>> http://www.asipto.com/index.php/kamailio-advanced-training/
>>

-- 
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/

More information about the sr-users mailing list