<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>do you want to see the traffic from devices or want to use for
troubleshooting some app? If the second, then it might be easier
to just set the NULL encryption algorithm. Some tips and tricks to
debug TLS connections are collected at:</p>
<p> -
<a class="moz-txt-link-freetext" href="https://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging">https://www.kamailio.org/wiki/tutorials/tls/testing-and-debugging</a></p>
<p>Cheers,<br>
Daniel<br>
</p>
<br>
<div class="moz-cite-prefix">On 27/03/2017 05:08, Rex Lin (林昱頡)
wrote:<br>
</div>
<blockquote
cite="mid:FA3A489946C3E743BD95EEC508DD57A3016B743AD0@MAILBX02.quanta.corp"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:新細明體;
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:細明體;
panose-1:2 2 5 9 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@新細明體";
panose-1:2 2 5 0 0 0 0 0 0 0;}
@font-face
{font-family:微軟正黑體;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@微軟正黑體";
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Microsoft JhengHei UI";
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@Microsoft JhengHei UI";
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@細明體";
panose-1:2 2 5 9 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"新細明體",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML 預設格式 字元";
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:細明體;
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"新細明體",serif;
color:black;}
span.HTML
{mso-style-name:"HTML 預設格式 字元";
mso-style-priority:99;
mso-style-link:"HTML 預設格式";
font-family:"Courier New";
color:black;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none"><a
moz-do-not-send="true" name="_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">Hi Max,<o:p></o:p></span></a></p>
<p class="MsoNormal" style="line-height:12.0pt;background:white"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.5pt;font-family:"微軟正黑體",sans-serif;color:#1F497D"
lang="EN-US"><o:p> </o:p></span></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">No Diffie
Hellman confirmed, we use RSA cipher instead.
</span></span><span style="mso-bookmark:_MailEndCompose"><span
style="font-family:"Calibri",sans-serif;color:windowtext"
lang="EN-US"><o:p></o:p></span></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">I found that
the problem was the TLS version;</span><span lang="EN-US"><o:p></o:p></span></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">I could see
nothing while the TLS.cfg method was configured as version
1.2, but it's okay now after switched to version 1.0, but
version 1.0 is an obsolete choice so I would rather the
v1.2 if possible.</span><span lang="EN-US"><o:p></o:p></span></span></p>
<p class="MsoNormal"
style="mso-margin-top-alt:2.0pt;margin-right:0cm;margin-bottom:2.0pt;margin-left:0cm;text-autospace:none"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">Much appreciate
if anyone could help with this question.</span></span><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt" lang="EN-US">
</span><span lang="EN-US"><o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:white"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US"><o:p> </o:p></span></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:white"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">Best Regards,<o:p></o:p></span></span></p>
<p class="MsoNormal" style="line-height:12.0pt;background:white"><span
style="mso-bookmark:_MailEndCompose"><span
style="font-size:10.0pt;font-family:"Microsoft
JhengHei UI",sans-serif" lang="EN-US">Rex Lin<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span
style="font-family:"Calibri",sans-serif;color:windowtext"
lang="EN-US"><o:p> </o:p></span></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"
lang="EN-US">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"
lang="EN-US"> sr-users
[<a class="moz-txt-link-freetext" href="mailto:sr-users-bounces@lists.sip-router.org">mailto:sr-users-bounces@lists.sip-router.org</a>]
<b>On Behalf Of </b>Max Muhlbronner<br>
<b>Sent:</b> Monday, March 20, 2017 4:34 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<b>Subject:</b> Re: [SR-Users] wiresharking TLS problem<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span lang="EN-US">Hi,<br>
<br>
<br>
<a moz-do-not-send="true"
href="http://wiki.snom.com/FAQ/How_to_decode_TLS_calls_using_wireshark">http://wiki.snom.com/FAQ/How_to_decode_TLS_calls_using_wireshark</a><br>
<br>
<br>
Additionally you need make sure to not use a DH enumeral
cipher (client/server) if you want to decrypt the SIP TLS
traffic.<br>
<br>
<br>
<br>
BR<br>
<br>
Max M.<br>
<br>
On 20.03.2017 09:04, Rex Lin (</span>林昱頡<span lang="EN-US">)
wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre><span lang="EN-US">hi all<o:p></o:p></span></pre>
<pre><span lang="EN-US"><o:p> </o:p></span></pre>
<pre><span lang="EN-US">wondering if any of you has the experience of TLS decrypting,<o:p></o:p></span></pre>
<pre><span lang="EN-US">SIP client has problem while calling each other, but we are using TLS for communication protocol.....facing problem debugging it.....<o:p></o:p></span></pre>
<pre><span lang="EN-US"><o:p> </o:p></span></pre>
<pre><span lang="EN-US">Best Regards,<o:p></o:p></span></pre>
<pre><span lang="EN-US">Rex Lin<o:p></o:p></span></pre>
<pre><span lang="EN-US"><o:p> </o:p></span></pre>
<pre><span lang="EN-US"><o:p> </o:p></span></pre>
<p class="MsoNormal"><span lang="EN-US"><br>
<br>
<br>
<o:p></o:p></span></p>
<pre><span lang="EN-US">_______________________________________________<o:p></o:p></span></pre>
<pre><span lang="EN-US">SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<o:p></o:p></span></pre>
<pre><span lang="EN-US"><a moz-do-not-send="true" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><o:p></o:p></span></pre>
<pre><span lang="EN-US"><a moz-do-not-send="true" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><o:p></o:p></span></pre>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - May 8-10, 2017 - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
</body>
</html>