On 30.09.2010 21:20, Juha Heinanen wrote:
Juha Heinanen writes:
i tried with command
ssldump -i any -k /etc/sip-proxy/certs/sip-proxy/key.pem tcp and port 5061
where /etc/sip-proxy/certs/sip-proxy/key.pem is the same file as
specified as tls module private key:
modparam("tls", "private_key", "/etc/sip-proxy/certs/sip-proxy/key.pem")
nothing comes to console. i must have misunderstood the command. i
also tried with -i eth0, but it didn't help.
i was able to figure out how to do it using wireshark. one needs to go
to Preferences/Protocols/SSL and there add to RSA keys list:
<ip-of-sip-proxy>,5061,sip,/etc/certs/sip.mydomain.com/key.pem
then in Options specify 'port 5061'. after that, new ssl connections
will be shown in clear.
i don't know why ssldump didn't work with the same key.pem file.
Just a note: this only works when non-DH ciphers are used. I added a
wiki page:
http://www.kamailio.org/dokuwiki/doku.php/tls:tls-decoding
regards
Klaus