[OpenSIPS-Users] cdrtool fails to connect to mediaproxy management interface with TLS

nikita nikita at mbdsys.com
Fri May 28 18:24:13 CEST 2010 

Hello,

I have some issue connecting my cdrtool to the media-dispatcher 
management interface.
It's working fine with if I'm using a TCP transport but if i try to use 
TLS I have an error during handshake, the server could not negotiate a 
cipher suite.
Here is the output (with gnutls debug messages) :

|4|REC[0xcd2d30]: Expected Packet[0] Handshake(22) with length: 1
|4|REC[0xcd2d30]: Received Packet[0] Handshake(22) with length: 111
|2|ASSERT: gnutls_cipher.c:204
|4|REC[0xcd2d30]: Decrypted Packet[0] Handshake(22) with length: 111
|3|HSK[0xcd2d30]: CLIENT HELLO was received [111 bytes]
|3|HSK[0xcd2d30]: Client's version: 3.1
|2|ASSERT: gnutls_db.c:238
|2|EXT[0xcd2d30]: Received extension 'SERVER_NAME/0'
|2|EXT[0xcd2d30]: Received extension '(null)/35'
|2|EXT[0xcd2d30]: Received extension 'SERVER_NAME/0'
|2|EXT[0xcd2d30]: Received extension '(null)/35'
|3|HSK[0xcd2d30]: Requested cipher suites:
|3|    DHE_RSA_AES_256_CBC_SHA1
|3|    DHE_DSS_AES_256_CBC_SHA1
|3|    RSA_AES_256_CBC_SHA1
|3|    DHE_RSA_3DES_EDE_CBC_SHA1
|3|    DHE_DSS_3DES_EDE_CBC_SHA1
|3|    RSA_3DES_EDE_CBC_SHA1
|3|    DHE_RSA_AES_128_CBC_SHA1
|3|    DHE_DSS_AES_128_CBC_SHA1
|3|    RSA_AES_128_CBC_SHA1
|3|    RSA_ARCFOUR_SHA1
|3|    RSA_ARCFOUR_MD5
|3|    (null)
|3|    (null)
|3|    (null)
|3|    (null)
|3|    (null)
|3|    (null)
|3|    (null)
|3|    RSA_EXPORT_ARCFOUR_40_MD5
|3|HSK[0xcd2d30]: Supported cipher suites:
|3|    DHE_DSS_ARCFOUR_SHA1
|3|    DHE_DSS_3DES_EDE_CBC_SHA1
|3|    DHE_DSS_AES_128_CBC_SHA1
|3|    DHE_RSA_3DES_EDE_CBC_SHA1
|3|    DHE_RSA_AES_128_CBC_SHA1
|3|    RSA_ARCFOUR_SHA1
|3|    RSA_ARCFOUR_MD5
|3|    RSA_3DES_EDE_CBC_SHA1
|3|    RSA_AES_128_CBC_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: RSA_ARCFOUR_MD5
|3|HSK[0xcd2d30]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|3|HSK[0xcd2d30]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|2|ASSERT: gnutls_handshake.c:732
|2|ASSERT: gnutls_handshake.c:477
|2|ASSERT: gnutls_handshake.c:2055
|2|ASSERT: gnutls_handshake.c:2584
|3|HSK[0xcd2d30]: recv hello (-21)
Handshake failed: Could not negotiate a supported cipher suite.

I think my error is not related to my certificates since the TLS session 
handshake is successful if I try with gnutls-serv.

Anyone have any clue ? a similar error ?

-- 
nikita

More information about the Users mailing list