[Users] Problem registering the UA with openSER(tls enabled)

Klaus Darilion klaus.mailinglists at pernau.at
Fri Dec 29 20:55:00 CET 2006


The only free TLS-capable client is minisip.

Commercial phones with TLS support are eyebeam (IMO the best client
available and IMO worth the 60$) and the SNOM hardphones.

Maybe the free snom softphone also supports TLS - but I do not know.

regards
klaus

On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
> Thanks Steffen. Is there any freely available TLS client which can be used
> to check these settings and the handshake? That will be really helpful..
>
> Best regards,
> NCheeku
>
>
> On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
>>
>> Hello Ncheeku,
>>
>> change to the directory with your ".pem" files: /usr/local/etc/openser/tls/user
>>
>>
>> Then you can test your TLS handshake with the following command:
>>
>> openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061
>>
>> Openssl simulates a TLS server with your certificate/private key files
>> and it accepts only requests at port 5061.
>>
>>
>> Best regards,
>> Steffen
>>
>>
>>
>> 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
>> > Thanks a lot Steffen. Adding the new listen = udp:10.30.100.41:5060 indeed
>> > worked. How can I check the TLS handshake using openssl at the server?
>> > Thanks a lot..
>> >
>> >
>> >
>> > On 12/28/06, Steffen Witt <witt.steffen at googlemail.com> wrote:
>> > > Hello again,
>> > >
>> > > maybe you should add the following line to test your non-TLS UAs:
>> > >
>> > > disable_tls = 0
>> > > listen = udp:10.30.100.41:5060   <---
>> > > listen = tls:10.30.100.41:5061
>> > >
>> > >
>> > > You can check your TLS handshake by simulating your server with openssl.
>> > >
>> > >
>> > > Please have a look at the following link that describes the TLS support:
>> > >
>> > > http://www.openser.org/docs/tls.html
>> > >
>> > >
>> > > Best regards,
>> > > Steffen
>> > >
>> > >
>> > >
>> > >
>> > > 2006/12/28, Ncheeku Baranov <opensersubscribe at gmail.com>:
>> > > > Hi,
>> > > >
>> > > > I am trying to make my non-TLS/TLS UA register with my TLS enabled openSER.
>> > > > Currently I am just working on my local machine with the client UAs on the
>> > > > same subnet (so there is only one domain, but it's not named). Below is my
>> > > > configuration file:
>> > > >
>> > > > disable_tls = 0
>> > > > listen = tls:10.30.100.41:5061
>> > > > tls_verify_server = 1
>> > > > tls_verify_client = 0
>> > > > tls_require_client_certificate = 0
>> > > > tls_method = TLSv1
>> > > > tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
>> > > > tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
>> > > > tls_ca_list = "usr/local/etc/openser/tls/user/user-calist.pem"
>> > > >
>> > > > However, with the above configuration the client UAs could not register and I
>> > > > got a 408 Request Timeout message. Is there any field that is missing to make
>> > > > this simple scenario work? What should be the values of the "tls_client_domain"
>> > > > and "tls_server_domain" fields in this case?
>> > > >
>> > > > I noticed that when I start the openSER without TLS support using
>> > > > "openserctl start" and do "ps -e" after that, there are more openSER
>> > > > processes running than if I start openSER with TLS support in which case I
>> > > > see very few of these processes running.
>> > > >
>> > > > Your help is much appreciated....
>> > > >
>> > > > Best regards,
>> > > > NCheeku
>> > > >
>
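
The diagnosis reached in this thread (a configuration with only a `tls:` listener leaves non-TLS UAs with no socket to register on) can be checked mechanically. The following is an added example, not part of the original messages and not openSER code: a small Python linter over the `key = value` settings quoted above, which also flags relative paths in the TLS file settings. The function names and the sample string are constructed here, and listeners are assumed to use the `proto:ip:port` form shown in the thread.

```python
import re

# Constructed sample: the settings quoted in the thread, one per line.
SAMPLE_CFG = '''\
disable_tls = 0
listen = tls:10.30.100.41:5061
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate = "/usr/local/etc/openser/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/openser/tls/user/user-privkey.pem"
tls_ca_list = "usr/local/etc/openser/tls/user/user-calist.pem"
'''

PATH_KEYS = ("tls_certificate", "tls_private_key", "tls_ca_list")


def parse(cfg):
    """Return (key, value) pairs from 'key = value' lines; keys may repeat."""
    pairs = []
    for line in cfg.splitlines():
        m = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line.split("#", 1)[0].strip())
        if m:
            pairs.append((m.group(1), m.group(2).strip()))
    return pairs


def lint(cfg):
    """Return (key, message) findings for listeners and TLS file paths."""
    pairs = parse(cfg)
    findings = []
    # Assumption: listeners use the proto:ip:port form shown in the thread.
    protos = {v.split(":")[0].lower() for k, v in pairs
              if k == "listen" and v.count(":") >= 2}
    if protos == {"tls"}:
        findings.append(("listen", "only tls: listeners; non-TLS UAs cannot register"))
    if "tls" in protos and dict(pairs).get("disable_tls") == "1":
        findings.append(("disable_tls", "tls: listener configured but TLS is disabled"))
    for key, value in pairs:
        if key in PATH_KEYS and not value.startswith("/"):
            findings.append((key, f"relative path: {value}"))
    return findings


if __name__ == "__main__":
    for key, message in lint(SAMPLE_CFG):
        print(f"{key}: {message}")
```

Run against the quoted configuration it reports the missing non-TLS listener and the `tls_ca_list` value, which is written without a leading slash.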





