[Users] Re: [Devel] Please help for TLS testing..

Klaus Darilion klaus.mailinglists at pernau.at
Fri Jul 21 09:49:52 CEST 2006


Hi Feriante!

Please Cc: the list too.


To test TLS you have to choose where you want to use TLS:
- between the SIP clients and the SIP proxy
- between SIP proxies and to gateways
- both

between the SIP clients and the SIP proxy:
get a SIP client which supports TLS (eyebeam, minisip, SNOM phones 
(maybe also the SNOM softphone?))

between SIP proxies:
get 2 domain names for each proxy (they can be hosted on the same PC 
with different ports).
make NAPTR and SRV (RFC3263) entries with TLS as preferred protocol
configure both proxies with the same rootCA
configure both proxies with a client certificate and key
use t_relay(). This should check NAPTR records and use tls as protocol.

regards
klaus
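
The proxy-to-proxy steps above depend on the NAPTR set actually ranking TLS first. The following is an added example, not part of the original message or of OpenSER: a small offline check that parses zone-file lines and reports why `SIPS+D2T` would not be the transport an RFC 3263 resolver selects. The domain `proxy-a.example.`, the record values and the function names are constructed for illustration.

```python
import re

# Constructed zone data for a hypothetical proxy domain (not from the thread).
SAMPLE_ZONE = """
proxy-a.example. IN NAPTR 10 50 "s" "SIPS+D2T" "" _sips._tcp.proxy-a.example.
proxy-a.example. IN NAPTR 20 50 "s" "SIP+D2T" "" _sip._tcp.proxy-a.example.
proxy-a.example. IN NAPTR 30 50 "s" "SIP+D2U" "" _sip._udp.proxy-a.example.
_sips._tcp.proxy-a.example. IN SRV 0 1 5061 sip1.proxy-a.example.
_sip._tcp.proxy-a.example. IN SRV 0 1 5060 sip1.proxy-a.example.
_sip._udp.proxy-a.example. IN SRV 0 1 5060 sip1.proxy-a.example.
"""

NAPTR_RE = re.compile(
    r'^(\S+)\s+IN\s+NAPTR\s+(\d+)\s+(\d+)\s+"(\w*)"\s+"([^"]*)"\s+"[^"]*"\s+(\S+)$')
SRV_RE = re.compile(r'^(\S+)\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$')


def parse_zone(text):
    """Return (naptr_records, srv_owner_names) from simple one-line zone entries."""
    naptr, srv = [], set()
    for line in (l.strip() for l in text.splitlines()):
        if m := NAPTR_RE.match(line):
            owner, order, pref, flags, service, target = m.groups()
            naptr.append((owner.lower(), int(order), int(pref),
                          flags.lower(), service.upper(), target.lower()))
        elif m := SRV_RE.match(line):
            srv.add(m.group(1).lower())
    return naptr, srv


def check_tls_preferred(zone_text, domain):
    """List the reasons TLS is not the preferred transport for `domain`."""
    naptr, srv = parse_zone(zone_text)
    recs = [r for r in naptr if r[0] == domain.lower() and r[3] == "s"]
    if not recs:
        return ["no NAPTR records with the 's' flag for " + domain]
    problems = []
    best = min((r[1], r[2]) for r in recs)   # lowest order, then preference
    for r in (r for r in recs if (r[1], r[2]) == best):
        if r[4] != "SIPS+D2T":
            problems.append(f"{r[4]} is ranked first (order {r[1]}, pref {r[2]})")
        elif r[5] not in srv:
            problems.append(f"no SRV record for {r[5]}")
    return problems


if __name__ == "__main__":
    print(check_tls_preferred(SAMPLE_ZONE, "proxy-a.example.") or "TLS preferred")
```

An empty list means a resolver that supports TLS will pick it; a non-TLS record tied with the TLS record at the same order and preference is reported as well, since the choice between them is then left to the client.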

Ferianto siregar wrote:
> 
> Dear Klaus Darilion,
>  
> Thank you very much for your kind-hearted reply to my message. Thanks
> I have tried your suggestion and it works. Thanks
> But, would you mind if I ask you another question?
> How can I test my TLS configuration, so it can run as a security in VoIP 
> communication?
> What should I prepare, Klaus? Would you mind..
> Please help me..
>  
> Thanks with all regards,
>  
>  
> Ferianto
> 
> */Klaus Darilion <klaus.mailinglists at pernau.at>/* wrote:
> 
>     Hi Feriante!
> 
>     The TLS syntax has changed and we have forgotten to update the default
>     config file. As I said, read the TLS tutorial
>     (http://openser.org/docs/tls.html) and also the Wiki describes the new
>     syntax
>     (http://openser.org/dokuwiki/doku.php?id=migrating_openser_v1.0.x_to_v1.1.x).
> 
>     In your case:
>     tls_verify_server = on
>     tls_verify_client = on
>     tls_require_client_certificate = on
> 
>     regards
>     klaus
> 
>     On Fri, July 21, 2006 5:40, Ferianto siregar said:
>      > Dear all,
>      >
>      > First of all I would like to say thanks to all of you who have given me
>      > some help and suggestions to solve my problem in configuring my openser
>      > system. Thank you very much.
>      > I have some questions in configuring the TLS now, I do hope anybody can
>      > help me. These are the questions:
>      > 1. Now, I try to configure the openser system for using the TLS. So, as
>      > Klaus Darilion said before, I must configure openser.cfg file first. So,
>      > I uncomment (enable) the TLS by deleting "#" in openser.cfg file. After
>      > that, I try to restart the openser again. But, when I run it again
>      > (after restarting), I get 3 error messages. Here are the error
>      > messages:
>      > [root at localhost openser]# openser restart
>      > 0(5783) parse error (27,12-13): parse error
>      > 0(5783) parse error (27,12-13): unknown config
>      > variable
>      > 0(5783) parse error (27,14-15):
>      > ERROR: bad config file (3 errors)
>      > 0(5783) destroy_tls: Entered
>      > 0(5783) shm_mem_destroy
>      > [root at localhost openser]#
>      >
>      > As I see, the error is at line 27. I see that it contains "tls_verify=1"
>      > and "tls_require_certificate=0". I don't know what is wrong with this
>      > line because as I see from all the mailing list's messages, they didn't
>      > change this line and if they change it, they just change the value, for
>      > example:
>      > tls_verify = on
>      > tls_require_certificate = on
>      >
>      > I have tried this effort, but I get the same error message.
>      > Can anybody give me a suggestion what should I do? Please...
>      >
>      > 2. If the error can be solved, how can I test my TLS configuration? I
>      > mean how I can test whether it can run correctly (it can secure the
>      > communication system in openser)?
>      >
>      > Please help me..I do hope anyone can help me to solve this problem.
>      > Thank you.
>      >
>      >
>      > Regards with cheers,
>      >
>      >
>      >
>      > Ferianto
>      >
>      >
>      >
>      >
>      >
> 
> 
> 




