[SR-Users] Enable session_id in ServerHello for TLS
Daniel-Constantin Mierla
miconda at gmail.com
Tue Mar 13 18:58:14 CET 2012
On 3/12/12 4:31 PM, Kristijan Vrban wrote:
> the snom softphone:
> http://www.chip.de/downloads/360-Softphone_14364878.html
>
> it's completely outdated. and therefore good for such backwards
> compatible tests.
interesting! Does it support client certificate? Or is like with snom
hardphones, it can use server certificate for encryption, but you cannot
set a client side certificate for using it to do user authentication.
Cheers,
Daniel
>
> Kristijan
>
> 2012/3/12 Daniel-Constantin Mierla<miconda at gmail.com>:
>> Hello,
>>
>> thanks for reporting back it's working -- please keep the mailing list
>> cc-ed, so people looking for same issue will be able to find it when
>> searching the web archive.
>>
>> I am using snom3xx with tls and kamailio 3.x a lot, never had issues, but I
>> have no clue about the softphone.exe
>>
>> Cheers,
>> Daniel
>>
>>
>> On 3/11/12 8:09 PM, Kristijan Vrban wrote:
>>> Hello Daniel,
>>>
>>> many thanks for the fast reply, And yes, the session_cache option
>>> solved my problem. Well... the device i used was the immemorial
>>> snom360 softphone.exe
>>> running with wine :) The softphone i use since years for TLS testing.
>>>
>>> Kristijan
>>>
>>> 2012/3/11 Daniel-Constantin Mierla<miconda at gmail.com>:
>>>> Hello,
>>>>
>>>>
>>>> On 3/11/12 1:28 AM, Kristijan Vrban wrote:
>>>>> Hello, how to tell that Kamailio should juse a session_id for tls ?
>>>>> See ssldump output below. I reckon that this is the reason the
>>>>> client i use end with "handshake_failure". Because when is use
>>>>> opensips, there is the session_id, and it's working.
>>>>>
>>>>> Kristijan
>>>>>
>>>>> 2 1 0.0228 (0.0228) C>S Handshake
>>>>> ClientHello
>>>>> Version 3.1
>>>>> cipher suites
>>>>> TLS_RSA_WITH_RC4_128_MD5
>>>>> TLS_RSA_WITH_RC4_128_SHA
>>>>> TLS_RSA_WITH_NULL_MD5
>>>>> TLS_RSA_WITH_NULL_SHA
>>>>> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
>>>>> TLS_DH_anon_WITH_RC4_128_MD5
>>>>> TLS_RSA_WITH_DES_CBC_SHA
>>>>> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>>>>> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>>>>> TLS_DH_anon_WITH_DES_CBC_SHA
>>>>> compression methods
>>>>> NULL
>>>>> 1 0.0519 (0.0519) C>S TCP FIN
>>>>> 2 2 0.0432 (0.0204) S>C Handshake
>>>>> ServerHello
>>>>> Version 3.1
>>>>> session_id[0]=
>>>>>
>>>>> cipherSuite TLS_RSA_WITH_RC4_128_MD5
>>>>> compressionMethod NULL
>>>>> 2 3 0.0432 (0.0000) S>C Handshake
>>>>> Certificate
>>>>> 2 4 0.0432 (0.0000) S>C Handshake
>>>>> ServerHelloDone
>>>>> 2 5 0.0452 (0.0020) C>S Alert
>>>>> level fatal
>>>>> value handshake_failure
>>>>> 1 0.0744 (0.0225) S>C TCP FIN
>>>>> 2 0.0681 (0.0228) S>C TCP FIN
>>>> the tls module has now the option to turn on/off session caching, which
>>>> was
>>>> on by default in openser 1.x. Now it is off as it does not make much
>>>> benefits with out multi-process architecture. Try to add to your config:
>>>>
>>>> modparam("tls", "session_cache", 1)
>>>>
>>>> Let me know if works -- the module parameter is missing from the readme,
>>>> perhaps the author forgot to add it at the time of development -- I will
>>>> try
>>>> to sync the sources and the readme for tls module asap.
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>> --
>>>> Daniel-Constantin Mierla
>>>> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
>>>> http://www.asipto.com/index.php/kamailio-advanced-training/
>>>>
>> --
>> Daniel-Constantin Mierla
>> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
>> http://www.asipto.com/index.php/kamailio-advanced-training/
>>
--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/
More information about the sr-users
mailing list