[SR-Users] TLS and SIP

James Cloos cloos at jhcloos.com
Fri May 23 18:43:21 CEST 2014

>>>>> "FC" == Frank Carmickle <frank at carmickle.com> writes:

JC>> If you record the full packet trace, wireshark can use your privkey.pem
JC>> to decode the tls handshake, recover the session key, and use that to
JC>> decode the payload packets.

FC> This is true if you are not using an ephemeral Diffie Hellman cypher suite.

Good point.  A quick test shows that contacting asterisk-11 over tls/tcp
negotiates rsa key exchange; kamailio does better and agrees to ECDHE-RSA.

If the trace is of kama talking to asterisk ephemeral is not likely.
Asterisk-12 may be better; I cannot test right now.  Nor can I test

James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6

More information about the sr-users mailing list