[Users] Problem with tls in openser

Silvia talani silvia.talani at gmail.com
Fri Apr 21 16:49:42 CEST 2006


Hi,

I want to use OpenSer with TLS but when I try to connect to openser with
Windows Messenger I receive this message:

----------------------------------------------------------------------------------
"Impossible to establish an HTTPS or TCP connection."
----------------------------------------------------------------------------------

I used the TLS tutorial from the openser site to configure TLS; I created the
certificates and this is my openser.cfg file:

# $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $

# simple quick-start config script

# ----------- global configuration parameters ------------------------

debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)

/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/

check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"

# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:192.168.1.5:5061
tls_verify = 0
tls_require_certificate = 0
tls_method = SSLv23
tls_certificate = "/usr/local/etc/openser/tls/opensercert.pem"
tls_private_key = "/usr/local/etc/openser/tls/openser.pem"
tls_ca_list = "/usr/local/etc/openser/tls/calist.pem"

etc......



I captured with Ethereal the packets exchanged between the server
(192.168.1.5) and the client (192.168.1.98) and on the openserver interface I
found this dialog:



No. Time Source Destination Protocol Info
1 0.000000 192.168.1.98 192.168.1.255 BROWSER Host Announcement MARCO, Workstation, Server, NT Workstation
2 28.080507 192.168.1.98 Broadcast ARP Who has 192.168.1.5? Tell 192.168.1.98
3 28.080636 192.168.1.5 192.168.1.98 ARP 192.168.1.5 is at 00:50:fc:6d:0e:1e
4 28.080742 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
5 28.080841 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
6 28.498558 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
7 28.498674 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
8 29.045430 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
9 29.045538 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
10 29.048035 192.168.1.98 192.168.1.5 TCP 1440 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
11 29.048128 192.168.1.5 192.168.1.98 TCP https > 1440 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
12 29.048245 192.168.1.98 192.168.1.5 TCP 1440 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
13 29.118672 192.168.1.98 192.168.1.5 SSLv3 Client Hello
14 29.118795 192.168.1.5 192.168.1.98 TCP https > 1440 [ACK] Seq=1 Ack=103 Win=5840 Len=0
Frame 14 (54 bytes on wire, 54 bytes captured)
15 31.192871 192.168.1.5 192.168.1.98 SSLv3 Server Hello, Certificate, Server Hello Done
16 31.256175 192.168.1.98 192.168.1.5 SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
17 31.256329 192.168.1.5 192.168.1.98 TCP https > 1440 [ACK] Seq=741 Ack=307 Win=6432 Len=0
18 31.317188 192.168.1.5 192.168.1.98 SSLv3 Change Cipher Spec, Encrypted Handshake Message
19 31.318624 192.168.1.98 192.168.1.5 TCP 1440 > https [FIN, ACK] Seq=307 Ack=808 Win=64728 Len=0
20 31.335535 192.168.1.5 192.168.1.98 SSLv3 Encrypted Alert
21 31.335788 192.168.1.98 192.168.1.5 TCP 1440 > https [RST, ACK] Seq=308 Ack=831 Win=0 Len=0

....so it seems that server and client use the TLS and exchange the
certificate....
Can someone help me? Why are there the TCP RSTs? What is the Encrypted
Alert? Is the configuration file exact or not? What can I do to find the
problem and solve it?

Thanks!
Silvia
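
Added example, not part of the original post: a small Python parser that reads the TCP summary lines of the capture above and reports, per destination port, whether the connection attempt was accepted or reset. On this capture every SYN to sip-tls (5061) is answered with RST, ACK, which is what a host sends back when nothing accepts connections on that port, so no TLS handshake is ever attempted there; the SSLv3 exchange runs on the https port (443) instead. The function name `classify_attempts` is hypothetical.

```python
import re

# Summary lines copied from the Ethereal capture in the post (frames 4-13, 19, 21),
# each rejoined onto a single line.
CAPTURE = """\
4 28.080742 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
5 28.080841 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
6 28.498558 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
7 28.498674 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
8 29.045430 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
9 29.045538 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
10 29.048035 192.168.1.98 192.168.1.5 TCP 1440 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
11 29.048128 192.168.1.5 192.168.1.98 TCP https > 1440 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
12 29.048245 192.168.1.98 192.168.1.5 TCP 1440 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
13 29.118672 192.168.1.98 192.168.1.5 SSLv3 Client Hello
19 31.318624 192.168.1.98 192.168.1.5 TCP 1440 > https [FIN, ACK] Seq=307 Ack=808 Win=64728 Len=0
21 31.335788 192.168.1.98 192.168.1.5 TCP 1440 > https [RST, ACK] Seq=308 Ack=831 Win=0 Len=0
"""

# No., Time, Source, Destination, "TCP", src port > dst port, [flags]
TCP_RE = re.compile(
    r"^\d+\s+\S+\s+(\S+)\s+(\S+)\s+TCP\s+(\S+) > (\S+) \[([^\]]+)\]")


def classify_attempts(capture):
    """Map each destination service to (outcome, number of SYNs sent to it)."""
    flows = {}  # (client, server, client_port, service) -> [outcome, syn_count]
    for line in capture.splitlines():
        m = TCP_RE.match(line)
        if not m:
            continue  # non-TCP summary lines (ARP, SSLv3, ...) carry no ports
        src, dst, sport, dport, flags = m.groups()
        flags = {f.strip() for f in flags.split(",")}
        reply_key = (dst, src, dport, sport)  # the flow this packet would answer
        if flags == {"SYN"}:
            # First SYN opens the flow; retransmitted SYNs only bump the counter.
            flows.setdefault((src, dst, sport, dport), ["no-reply", 0])[1] += 1
        elif reply_key in flows and flows[reply_key][0] == "no-reply":
            if flags == {"SYN", "ACK"}:
                flows[reply_key][0] = "accepted"  # a listener answered
            elif "RST" in flags:
                flows[reply_key][0] = "refused"   # reset before any handshake
    return {key[3]: tuple(state) for key, state in flows.items()}


if __name__ == "__main__":
    for service, (outcome, syns) in classify_attempts(CAPTURE).items():
        print(f"{service}: {outcome} after {syns} SYN(s)")
```

The client's own RST in frame 21 is not counted as a refusal, because it is sent by the side that opened the connection after the handshake had already completed.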