On Fri, May 23, 2014 at 3:10 PM, James Cloos wrote:
>> "FC" == Frank Carmickle writes:
>
> FC> Freeswitch does support most new features of openssl 1.0.1 branch. I
> FC> believe it defaults to tls1.1 currently but I believe the goal is to
> FC> only enable tls1.2, with ECDHE+AES128 by defaul
> "FC" == Frank Carmickle writes:
FC> Freeswitch does support most new features of openssl 1.0.1 branch. I
FC> believe it defaults to tls1.1 currently but I believe the goal is to
FC> only enable tls1.2, with ECDHE+AES128 by default. You can certainly
FC> ask it to do what ever openssl supp
> "JC" == James Cloos writes:
JC> Good point. A quick test shows that contacting asterisk-11 over tls/tcp
JC> negotiates rsa key exchange; kamailio does better and agrees to ECDHE-RSA.
JC> If the trace is of kama talking to asterisk ephemeral is not likely.
Sorry. I forgot which thread th
On May 23, 2014, at 12:43 PM, James Cloos wrote:
>> "FC" == Frank Carmickle writes:
>
> JC>> If you record the full packet trace, wireshark can use your privkey.pem
> JC>> to decode the tls handshake, recover the session key, and use that to
> JC>> decode the payload packets.
>
> FC> This
> "FC" == Frank Carmickle writes:
JC>> If you record the full packet trace, wireshark can use your privkey.pem
JC>> to decode the tls handshake, recover the session key, and use that to
JC>> decode the payload packets.
FC> This is true if you are not using an ephemeral Diffie Hellman cypher
On May 22, 2014, at 6:46 PM, James Cloos
wrote:
>
> If you record the full packet trace, wireshark can use your privkey.pem
> to decode the tls handshake, recover the session key, and use that to
> decode the payload packets.
>
> Cf http://wiki.wireshark.org/SSL for details.
This is true if y
> "FB" == Fabian Borot writes:
FB> modparam("tls", "private_key", "./privkey.pem")
FB> I see some encrypted packets from kamailio to the client but I don't
FB> know what is inside. Any help would be very appreciated.
If you record the full packet trace, wireshark can use your privkey.pem
t
router.org
Subject: Re: [SR-Users] TLS and SIP
On 22.05.2013 15:49, Fabian Borot wrote:
Thank you Klaus, good idea, but I forgot to mention that when I
configure the client w/o TLS using regular SIP/UDP/5060 I dont have
that problem. When the BYE from the called side comes it is sent to
the ca
at
To: fbo...@hotmail.com
CC: sr-users@lists.sip-router.org
Subject: Re: [SR-Users] TLS and SIP
On 22.05.2013 15:49, Fabian Borot wrote:
Thank you Klaus, good idea, but I forgot to mention that when I
configure the client w/o TLS using regular SIP/UDP/5060 I dont have
that problem. When the BY
you again
> Date: Thu, 23 May 2013 10:13:35 +0200
> From: klaus.mailingli...@pernau.at
> To: fbo...@hotmail.com
> CC: sr-users@lists.sip-router.org
> Subject: Re: [SR-Users] TLS and SIP
>
>
>
> On 22.05.2013 15:49, Fabian Borot wrote:
>> Thank you Klaus, goo
thank you again
Date: Wed, 22 May 2013 10:14:15 +0200 From:
klaus.mailingli...@pernau.at To: sr-users@lists.sip-router.org CC:
fbo...@hotmail.com Subject: Re: [SR-Users] TLS and SIP
On 21.05.2013 21:54, Fabian Borot wrote:
Hi
I am using Kamailio 4.0
On 5/22/13 3:49 PM, Fabian Borot wrote:
Thank you Klaus, good idea, but I forgot to mention that when I configure the
client w/o TLS using regular SIP/UDP/5060 I dont have that problem. When the
BYE from the called side comes it is sent to the calling side without any
problems.
But I do see t
again
> Date: Wed, 22 May 2013 10:14:15 +0200
> From: klaus.mailingli...@pernau.at
> To: sr-users@lists.sip-router.org
> CC: fbo...@hotmail.com
> Subject: Re: [SR-Users] TLS and SIP
>
>
>
> On 21.05.2013 21:54, Fabian Borot wrote:
>> Hi
>>
>> I am us
On 21.05.2013 21:54, Fabian Borot wrote:
Hi
I am using Kamailio 4.0.1 in front of an asterisk servers farm to handle TLS with our
clients and providers. The idea is to have kamailio "talking" SIP/UDP/5060 and
TLS/TCP/5061 with the customers and providers and regular SIP/UDP/5060 with our int
Hi
I am using Kamailio 4.0.1 in front of an asterisk servers farm to handle TLS
with our clients and providers. The idea is to have kamailio "talking"
SIP/UDP/5060 and TLS/TCP/5061 with the customers and providers and regular
SIP/UDP/5060 with our internal asterisk servers.
So far at least fo
15 matches
Mail list logo
