[OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5

Bogdan-Andrei Iancu bogdan at opensips.org
Mon Aug 31 22:19:21 CEST 2015


Hi Matt,

Indeed, the SIP messages do look ok.

Could you post the OpenSIPS logs (in debug 4) for processing the NOTIFY 
request ?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 31.08.2015 20:07, Matt Hamilton wrote:
>
> Hi Bogdan,
>
>
> Pastebin link is http://pastebin.com/tM7zqTKX
>
>
> I included both 1.7.1 and 1.11 captures. I don't see a difference 
> between them other than 1.11 sending the NOTIFY to UAC unencrypted.
>
> Btw, INVITEs seems to be behaving the same way as NOTIFY (don't have a 
> capture for those - I assume the issue is the same).
>
>
> Btw, TLS works fine between Opensips 1.11 and the phone (OK messages, 
> etc. are encrypted).
>
>
> Thanks,
>
> Matt
>
>
> <http://pastebin.com/tM7zqTKX>
> 	
> Opensips TLS - Pastebin.com
> Read more... <http://pastebin.com/tM7zqTKX>
>
>
> ------------------------------------------------------------------------
> *From:* Bogdan-Andrei Iancu <bogdan at opensips.org>
> *Sent:* Monday, August 31, 2015 5:21 AM
> *To:* OpenSIPS users mailling list; mistral9999 at hotmail.com
> *Subject:* Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5
> Hi Matt,
>
> Can you post of pastebin (or similar) the SIP capture showing the 
> incoming NOTIFY (via UDP) from Asterisk and the outgoing NOTIFY 
> (supposedly via TLS) to UAC ?
> Also the SUBSCRIBE request going from OpenSIPS to Asterisk will help alot.
>
> Regards,
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
> On 30.08.2015 18:22, Matt Hamilton wrote:
>>
>>
>>
>> We use Opensips (with TLS) as a dispatcher to multiple Asterisk 
>> servers.  Currently we are in the process of upgrading from 1.7.1 to 
>> 1.11.5, and we ran into a discrepancy between 1.7.1 and 1.11.5 
>> regarding SIP NOTIFY messages.
>>
>>
>> Here is the flow (both ways):
>>
>> UAC    (TLS) ->     Opensips   (UDP)-> Asterisk
>> Asterisk  (UDP) ->     Opensips       (TLS)->    UAC
>>
>>
>> In 1.7.1,  all messages between Opensips and UAC were encrypted - 
>> didn't matter if it was originated at UAC or Asterisk.
>>
>> In 1.11.5, the SIP NOTIFY messages coming from Asterisk are sent to 
>> UAC unencrypted (and not accepted by UAC). Here is the request that 
>> Opensips receives and sends to the UAC in plaintext:
>>
>> Request-Line: NOTIFY sip:101 at 1.2.3.4:5075;transport=tls;nat=yes SIP/2.0
>>
>> Anything we can do to have that leg encrypted as well?
>>
>> Thanks,
>> Matt
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150831/748ead01/attachment-0001.htm>


More information about the Users mailing list