On 3/12/12 4:31 PM, Kristijan Vrban wrote:
the snom softphone:
http://www.chip.de/downloads/360-Softphone_14364878.html
it's completely outdated. and therefore good for such backwards
compatible tests.
interesting! Does it support client certificate? Or is like with snom
hardphones, it can use server certificate for encryption, but you cannot
set a client side certificate for using it to do user authentication.
Cheers,
Daniel
Kristijan
2012/3/12 Daniel-Constantin Mierla<mico...@gmail.com>:
Hello,
thanks for reporting back it's working -- please keep the mailing list
cc-ed, so people looking for same issue will be able to find it when
searching the web archive.
I am using snom3xx with tls and kamailio 3.x a lot, never had issues, but I
have no clue about the softphone.exe
Cheers,
Daniel
On 3/11/12 8:09 PM, Kristijan Vrban wrote:
Hello Daniel,
many thanks for the fast reply, And yes, the session_cache option
solved my problem. Well... the device i used was the immemorial
snom360 softphone.exe
running with wine :) The softphone i use since years for TLS testing.
Kristijan
2012/3/11 Daniel-Constantin Mierla<mico...@gmail.com>:
Hello,
On 3/11/12 1:28 AM, Kristijan Vrban wrote:
Hello, how to tell that Kamailio should juse a session_id for tls ?
See ssldump output below. I reckon that this is the reason the
client i use end with "handshake_failure". Because when is use
opensips, there is the session_id, and it's working.
Kristijan
2 1 0.0228 (0.0228) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
compression methods
NULL
1 0.0519 (0.0519) C>S TCP FIN
2 2 0.0432 (0.0204) S>C Handshake
ServerHello
Version 3.1
session_id[0]=
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
2 3 0.0432 (0.0000) S>C Handshake
Certificate
2 4 0.0432 (0.0000) S>C Handshake
ServerHelloDone
2 5 0.0452 (0.0020) C>S Alert
level fatal
value handshake_failure
1 0.0744 (0.0225) S>C TCP FIN
2 0.0681 (0.0228) S>C TCP FIN
the tls module has now the option to turn on/off session caching, which
was
on by default in openser 1.x. Now it is off as it does not make much
benefits with out multi-process architecture. Try to add to your config:
modparam("tls", "session_cache", 1)
Let me know if works -- the module parameter is missing from the readme,
perhaps the author forgot to add it at the time of development -- I will
try
to sync the sources and the readme for tls module asap.
Cheers,
Daniel
--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/
--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/
--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
