[Users] Problem registering the UA with openSER(tls enabled)

Ncheeku Baranov opensersubscribe at gmail.com
Tue Jan 2 21:28:56 CET 2007


Thanks Klaus.

On 12/29/06, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>
> The only free TLS-capeable client is minisip.
>
> Commercial phones with TLs support are eyebeam (IMO the best client
> available and IMO worth the 60$) and the SNOM hardphones.
>
> MAybe the free snom softphone also supports TLS - but I do not know.
>
> regards
> klaus
>
> On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
> > Thanks Steffen. Is there any freely available tls client which can be
> used
> > to check this settings and the handshake? That will be really helpful..
> >
> > Best regards,
> > NCheeku
> >
> >
> > On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
> >>
> >> Hello Ncheeku,
> >>
> >> change to the directory with your ".pem"
> >> files:  /usr/local/etc/openser/tls/user
> >>
> >>
> >> Then you can test your TLS handshake with the following command:
> >>
> >> openssl s_server -cert user-cert.pem -key user-privkey.pem -state
> >> -accept
> >> 5061
> >>
> >> Openssl simulates a TLS server with your certificate/private key files
> >> and it accepts only requests at port 5061.
> >>
> >>
> >> Best regards,
> >> Steffen
> >>
> >>
> >>
> >> 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
> >> > Thanks a lot Steffen. Adding the new listen =
> >> udp:10.30.100.41:5060indeed
> >> > worked. How can I check the TLS handshake using openssl at the
> server?
> >> > Thanks a lot..
> >> >
> >> >
> >> >
> >> > On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
> >> > > Hello again,
> >> > >
> >> > > maybe you should add the following line to test your non-TLS UAs:
> >> > >
> >> > > disable_tls = 0
> >> > > listen = udp:10.30.100.41:5060   <---
> >> > > listen = tls:10.30.100.41:5061
> >> > >
> >> > >
> >> > > You can check your TLS handshake by simulating your server with
> >> openssl.
> >> > >
> >> > >
> >> > > Please have a look at the following link that describes the TLS
> >> support:
> >> > >
> >> > > http://www.openser.org/docs/tls.html
> >> > >
> >> > >
> >> > > Best regards,
> >> > > Steffen
> >> > >
> >> > >
> >> > >
> >> > >
> >> > > 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
> >> > > > Hi,
> >> > > >
> >> > > > I am trying to make my non-TLS/TLS UA register with my TLS
> enabled
> >> > openSER.
> >> > > > Currently I am just working on my local machine with the client
> >> UAs
> >> on
> >> > the
> >> > > > same subnet,(so there is only one domain, but its not named).
> >> Below
> >> is
> >> > my
> >> > > > configuration file:
> >> > > >
> >> > > > disable_tls = 0
> >> > > > listen = tls:10.30.100.41:5061
> >> > > > tls_verify_server = 1
> >> > > > tls_verify_client = 0
> >> > > > tls_require_client_certificate = 0
> >> > > > tls_method = TLSv1
> >> > > > tls_certificate =
> >> > "/usr/local/etc/openser/tls/user/user-
> >> > > > cert.pem"
> >> > > > tls_private_key =
> >> > "/usr/local/etc/openser/tls/user/user-
> >> > > > privkey.pem"
> >> > > > tls_ca_list =
> >> > > > "usr/local/etc/openser/tls/user/user-calist.pem"
> >> > > >
> >> > > > However, with the above configuration the client UAs couldnot
> >> register
> >> > and I
> >> > > > got 408 Request Time out Message. Is there any field that is
> >> missing
> >> to
> >> > make
> >> > > > this simple scenario work? What should be the values of
> >> > "tls_client_domain"
> >> > > > and "tls_server_domain" fields in this case?
> >> > > >
> >> > > > I noticed that when I start the openSER without TLS support using
> >> > > > "openserctl start" and do "ps -e" after that, there are more
> >> openSER
> >> > > > processes running than if I start openSER with TLS support in
> >> which
> >> case
> >> > I
> >> > > > see very few of these processes running.
> >> > > >
> >> > > > Your help is much appreciated....
> >> > > >
> >> > > > Best regards,
> >> > > > NCheeku
> >> > > >
> >> > > > _______________________________________________
> >> > > > Users mailing list
> >> > > > Users at openser.org
> >> > > > http://openser.org/cgi-bin/mailman/listinfo/users
> >> > > >
> >> > > >
> >> > > >
> >> > >
> >> >
> >> >
> >>
> > _______________________________________________
> > Users mailing list
> > Users at openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kamailio.org/pipermail/users/attachments/20070102/246c7e2f/attachment.htm 


More information about the Users mailing list