>Does it support client certificate? don't know. never tested. 2012/3/13 Daniel-Constantin Mierla <mico...@gmail.com>: > On 3/12/12 4:31 PM, Kristijan Vrban wrote: >> >> the snom softphone: >> http://www.chip.de/downloads/360-Softphone_14364878.html >> >> it's completely outdated. and therefore good for such backwards >> compatible tests. > > interesting! Does it support client certificate? Or is like with snom > hardphones, it can use server certificate for encryption, but you cannot set > a client side certificate for using it to do user authentication. > > Cheers, > Daniel > > >> >> Kristijan >> >> 2012/3/12 Daniel-Constantin Mierla<mico...@gmail.com>: >>> >>> Hello, >>> >>> thanks for reporting back it's working -- please keep the mailing list >>> cc-ed, so people looking for same issue will be able to find it when >>> searching the web archive. >>> >>> I am using snom3xx with tls and kamailio 3.x a lot, never had issues, but >>> I >>> have no clue about the softphone.exe >>> >>> Cheers, >>> Daniel >>> >>> >>> On 3/11/12 8:09 PM, Kristijan Vrban wrote: >>>> >>>> Hello Daniel, >>>> >>>> many thanks for the fast reply, And yes, the session_cache option >>>> solved my problem. Well... the device i used was the immemorial >>>> snom360 softphone.exe >>>> running with wine :) The softphone i use since years for TLS testing. >>>> >>>> Kristijan >>>> >>>> 2012/3/11 Daniel-Constantin Mierla<mico...@gmail.com>: >>>>> >>>>> Hello, >>>>> >>>>> >>>>> On 3/11/12 1:28 AM, Kristijan Vrban wrote: >>>>>> >>>>>> Hello, how to tell that Kamailio should juse a session_id for tls ? >>>>>> See ssldump output below. I reckon that this is the reason the >>>>>> client i use end with "handshake_failure". Because when is use >>>>>> opensips, there is the session_id, and it's working. >>>>>> >>>>>> Kristijan >>>>>> >>>>>> 2 1 0.0228 (0.0228) C>S Handshake >>>>>> ClientHello >>>>>> Version 3.1 >>>>>> cipher suites >>>>>> TLS_RSA_WITH_RC4_128_MD5 >>>>>> TLS_RSA_WITH_RC4_128_SHA >>>>>> TLS_RSA_WITH_NULL_MD5 >>>>>> TLS_RSA_WITH_NULL_SHA >>>>>> TLS_DH_anon_WITH_3DES_EDE_CBC_SHA >>>>>> TLS_DH_anon_WITH_RC4_128_MD5 >>>>>> TLS_RSA_WITH_DES_CBC_SHA >>>>>> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA >>>>>> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA >>>>>> TLS_DH_anon_WITH_DES_CBC_SHA >>>>>> compression methods >>>>>> NULL >>>>>> 1 0.0519 (0.0519) C>S TCP FIN >>>>>> 2 2 0.0432 (0.0204) S>C Handshake >>>>>> ServerHello >>>>>> Version 3.1 >>>>>> session_id[0]= >>>>>> >>>>>> cipherSuite TLS_RSA_WITH_RC4_128_MD5 >>>>>> compressionMethod NULL >>>>>> 2 3 0.0432 (0.0000) S>C Handshake >>>>>> Certificate >>>>>> 2 4 0.0432 (0.0000) S>C Handshake >>>>>> ServerHelloDone >>>>>> 2 5 0.0452 (0.0020) C>S Alert >>>>>> level fatal >>>>>> value handshake_failure >>>>>> 1 0.0744 (0.0225) S>C TCP FIN >>>>>> 2 0.0681 (0.0228) S>C TCP FIN >>>>> >>>>> the tls module has now the option to turn on/off session caching, which >>>>> was >>>>> on by default in openser 1.x. Now it is off as it does not make much >>>>> benefits with out multi-process architecture. Try to add to your >>>>> config: >>>>> >>>>> modparam("tls", "session_cache", 1) >>>>> >>>>> Let me know if works -- the module parameter is missing from the >>>>> readme, >>>>> perhaps the author forgot to add it at the time of development -- I >>>>> will >>>>> try >>>>> to sync the sources and the readme for tls module asap. >>>>> >>>>> Cheers, >>>>> Daniel >>>>> >>>>> -- >>>>> Daniel-Constantin Mierla >>>>> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany >>>>> http://www.asipto.com/index.php/kamailio-advanced-training/ >>>>> >>> -- >>> Daniel-Constantin Mierla >>> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany >>> http://www.asipto.com/index.php/kamailio-advanced-training/ >>> > > -- > Daniel-Constantin Mierla > Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany > http://www.asipto.com/index.php/kamailio-advanced-training/ >
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
