[SR-Users] TLS and SIP

James Cloos cloos at jhcloos.com
Fri May 23 21:08:33 CEST 2014


>>>>> "JC" == James Cloos <cloos at jhcloos.com> writes:

JC> Good point.  A quick test shows that contacting asterisk-11 over tls/tcp
JC> negotiates rsa key exchange; kamailio does better and agrees to ECDHE-RSA.

JC> If the trace is of kama talking to asterisk ephemeral is not likely.

Sorry.  I forgot which thread this was on, making the above irrelevant.

As such, it is more likely than not that the tls used an ephemeral suite.

In that case, to debug it, one'd have to edit kama's tls module to leak
the incoming and outgoing session keys (probably to a file) and then,
AFAICT, edit wireshark to let one specify a session key to decrypt the
encrypted tls session.

Just be sure never to use the leaker in production.

-JimC
--
James Cloos <cloos at jhcloos.com>         OpenPGP: 0x997A9F17ED7DAEA6


