[SR-Users] Enable session_id in ServerHello for TLS
Kristijan Vrban
vrban.lkml at googlemail.com
Mon Mar 12 16:31:57 CET 2012
The snom softphone:
http://www.chip.de/downloads/360-Softphone_14364878.html
It's completely outdated, and therefore good for such backwards-compatible
tests.
Kristijan
2012/3/12 Daniel-Constantin Mierla <miconda at gmail.com>:
> Hello,
>
> thanks for reporting back it's working -- please keep the mailing list
> cc-ed, so people looking for same issue will be able to find it when
> searching the web archive.
>
> I am using snom3xx with tls and kamailio 3.x a lot, never had issues, but I
> have no clue about the softphone.exe
>
> Cheers,
> Daniel
>
>
> On 3/11/12 8:09 PM, Kristijan Vrban wrote:
>>
>> Hello Daniel,
>>
>> many thanks for the fast reply, and yes, the session_cache option
>> solved my problem. Well... the device I used was the immemorial
>> snom360 softphone.exe
>> running with wine :) The softphone I have used for years for TLS testing.
>>
>> Kristijan
>>
>> 2012/3/11 Daniel-Constantin Mierla <miconda at gmail.com>:
>>>
>>> Hello,
>>>
>>>
>>> On 3/11/12 1:28 AM, Kristijan Vrban wrote:
>>>>
>>>> Hello, how to tell that Kamailio should use a session_id for tls ?
>>>> See ssldump output below. I reckon that this is the reason the
>>>> client I use ends with "handshake_failure". Because when I use
>>>> opensips, there is the session_id, and it's working.
>>>>
>>>> Kristijan
>>>>
>>>> 2 1 0.0228 (0.0228) C>S Handshake
>>>> ClientHello
>>>> Version 3.1
>>>> cipher suites
>>>> TLS_RSA_WITH_RC4_128_MD5
>>>> TLS_RSA_WITH_RC4_128_SHA
>>>> TLS_RSA_WITH_NULL_MD5
>>>> TLS_RSA_WITH_NULL_SHA
>>>> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
>>>> TLS_DH_anon_WITH_RC4_128_MD5
>>>> TLS_RSA_WITH_DES_CBC_SHA
>>>> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>>>> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>>>> TLS_DH_anon_WITH_DES_CBC_SHA
>>>> compression methods
>>>> NULL
>>>> 1 0.0519 (0.0519) C>S TCP FIN
>>>> 2 2 0.0432 (0.0204) S>C Handshake
>>>> ServerHello
>>>> Version 3.1
>>>> session_id[0]=
>>>>
>>>> cipherSuite TLS_RSA_WITH_RC4_128_MD5
>>>> compressionMethod NULL
>>>> 2 3 0.0432 (0.0000) S>C Handshake
>>>> Certificate
>>>> 2 4 0.0432 (0.0000) S>C Handshake
>>>> ServerHelloDone
>>>> 2 5 0.0452 (0.0020) C>S Alert
>>>> level fatal
>>>> value handshake_failure
>>>> 1 0.0744 (0.0225) S>C TCP FIN
>>>> 2 0.0681 (0.0228) S>C TCP FIN
>>>
>>> the tls module has now the option to turn on/off session caching, which was
>>> on by default in openser 1.x. Now it is off as it does not make much
>>> benefits with our multi-process architecture. Try to add to your config:
>>>
>>> modparam("tls", "session_cache", 1)
>>>
>>> Let me know if it works -- the module parameter is missing from the readme,
>>> perhaps the author forgot to add it at the time of development -- I will try
>>> to sync the sources and the readme for tls module asap.
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>
> --
> Daniel-Constantin Mierla
> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
> http://www.asipto.com/index.php/kamailio-advanced-training/
>
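The ssldump output quoted in this thread shows a ServerHello with `session_id[0]=`, i.e. a zero-length session ID. As an added example that is not part of the original thread, the following parses a raw TLS ServerHello record and reports whether the server returned a session ID; the function names are hypothetical and both sample records are constructed to match the version and cipher suite seen in the dump.

```python
import struct

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record whose first handshake message is a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                      # 22 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ValueError("truncated record")
    if body[0] != 2:                     # 2 = ServerHello handshake type
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # Fixed part: version (2) + random (32) + session_id length (1)
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    # After the session ID come cipher suite (2) and compression method (1)
    if sid_len > 32 or len(hello) < 35 + sid_len + 3:
        raise ValueError("bad session_id length")
    (cipher,) = struct.unpack("!H", hello[35 + sid_len:37 + sid_len])
    return {
        "version": (hello[0], hello[1]),
        "session_id": hello[35:35 + sid_len],
        "cipher_suite": cipher,
    }

def offers_session_id(record: bytes) -> bool:
    """True when the ServerHello carries a non-empty session ID."""
    return len(parse_server_hello(record)["session_id"]) > 0

def build_sample(session_id: bytes) -> bytes:
    """Constructed record: Version 3.1, TLS_RSA_WITH_RC4_128_MD5 (0x0004), NULL compression."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)])
             + session_id + b"\x00\x04" + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for label, sid in (("session cache off", b""), ("session cache on", bytes(range(32)))):
        info = parse_server_hello(build_sample(sid))
        print(label, "session_id[%d]=%s" % (len(info["session_id"]), info["session_id"].hex()))
```
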