[Users] 2 OpenSERs with TLS
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Mar 28 14:21:42 CEST 2006
If the SIP traffic is routed via port 5060 it is not TLS.
Only if you see TCP traffic on port 5061 TLS is used.
Try use t_relay_to_tcp (or the new t_relay syntax if you use CVS head)
regards
klaus
Joao Pereira wrote:
> Hello
> I did ngrep and all the traffic is passing through port 5060 from
> serverA to serverB.
> In witch port should the certification negotiation be done? 5060 or 5061 ?
>
>
> Thats my configuration of the 2 servers
> aaa.aaa.aaa.aaa = IP of openserA
> bbb.bbb.bbb.bbb=IP of openserB
>
>
> openserA-----------------------------------------
> port=5060
> listen = aaa.aaa.aaa.aaa:5060 alias=aaa.aaa.aaa.aaa
>
>
> disable_tls = 0
> listen = tls:aaa.aaa.aaa.aaa:5061
> tls_verify = 1
> tls_require_certificate = 1
> tls_method = TLSv1
>
>
>
> openserB-----------------------------------------
> port=5060
> listen = bbb.bbb.bbb.bbb:5060
> alias=bbb.bbb.bbb.bbb
> disable_tls = 0
> listen = tls:bbb.bbb.bbb.bbb:5061
> tls_verify = 1
> tls_require_certificate = 1
> tls_method = TLSv1
>
>
> Thanks
> Joao
>
>
> Klaus Darilion wrote:
>
>> ssldump
>>
>> or
>>
>> ngrep port 5061
>>
>>
>> regards
>> klaus
>>
>> Joao Pereira wrote:
>>
>>> Hello to all
>>> I have 2 OpenSERs working with TLS.
>>> They both have registered clients (X-Lite).
>>> How can I be sure that they are exchanging the certificates when one
>>> call goes from serverA to serverB ?
>>> Is there any debug where we can see it happening?
>>>
>>> Thanks
>>> Joao
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at openser.org
>>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>>
>
More information about the Users
mailing list