[OpenSIPS-Users] opensips 1.7+tls problems

jarle jarle.lervik at sipcom.no
Wed Oct 12 15:41:20 CEST 2011


I have the exact same issue. Did you figure this one out?



Ian Buckner wrote:
> 
> I just wanted to pick up on question 1 as I have the same problem and may
> have got slightly further in tracing this:
> 
> Using ssldump I see the following during the initial REGISTER operation:
> 
> On OpenSips 1.7.0
> ---------------------------
> New TCP connection #8: 81.5.147.34(61584) <-> myserver(5672)
> 8 1  0.0996 (0.0996)  C>S  Handshake
>      ClientHello
>        Version 3.1 
>        cipher suites
>        Unknown value 0x39
>        Unknown value 0x38
>        Unknown value 0x35
>        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>        TLS_RSA_WITH_3DES_EDE_CBC_SHA
>        Unknown value 0x33
>        Unknown value 0x32
>        Unknown value 0x2f
>        TLS_RSA_WITH_RC4_128_SHA
>        TLS_RSA_WITH_RC4_128_MD5
>        TLS_DHE_RSA_WITH_DES_CBC_SHA
>        TLS_DHE_DSS_WITH_DES_CBC_SHA
>        TLS_RSA_WITH_DES_CBC_SHA
>        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
>        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>        TLS_RSA_EXPORT_WITH_RC4_40_MD5
>        compression methods
>                  NULL
> 8 2  0.1001 (0.0005)  S>C  Handshake
>      ServerHello
>        Version 3.1 
>        session_id[32]=
>          0a 84 43 7a 4b 15 d9 11 f9 ca 51 f2 33 30 c3 07 
>          12 dd 35 a1 33 e1 43 fc 14 84 f6 0d 98 67 93 97 
>        cipherSuite         Unknown value 0x35
>        compressionMethod                   NULL
> 8 3  0.1001 (0.0000)  S>C  Handshake
>      Certificate
> 8 4  0.1001 (0.0000)  S>C  Handshake
>      ServerHelloDone
> 8 5  0.1546 (0.0545)  C>S  Handshake
>      ClientKeyExchange
> 8 6  0.1546 (0.0000)  C>S  ChangeCipherSpec
> 8 7  0.1546 (0.0000)  C>S  Handshake
> 8 8  0.1557 (0.0010)  S>C  ChangeCipherSpec
> 8 9  0.1557 (0.0000)  S>C  Handshake
> 8 10 0.2133 (0.0575)  C>S  application_data
> 8 11 0.2133 (0.0000)  C>S  application_data
> 8 12 0.2140 (0.0007)  S>C  application_data
> Unknown SSL content type 83
> 8 13 0.2686 (0.0545)  C>S  Alert
> 8 14 0.2686 (0.0000)  S>CShort record
> 8 15 0.2686 (0.0000)  S>C  Alert
> 8 16 0.2688 (0.0002)  S>C  Alert
> 8    0.2689 (0.0000)  S>C  TCP RST
> 
> i.e. an error on the first piece of application data sent from OpenSips
> back to the client. In my case, the Blink 1.2.0 client shows as registered
> (confirmed by opensipsctl ul show) but the TLS socket has been torn down.
> 
> Rolling back to 1.6.4-2, using the same certificates and TLS
> configuration:
> 
> On OpenSips 1.6.4-2
> ----------------------------
> New TCP connection #7: 81.5.147.34(61303) <-> myserver(5672)
> 7 1  0.0806 (0.0806)  C>S  Handshake
>      ClientHello
>        Version 3.1 
>        cipher suites
>        Unknown value 0x39
>        Unknown value 0x38
>        Unknown value 0x35
>        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>        TLS_RSA_WITH_3DES_EDE_CBC_SHA
>        Unknown value 0x33
>        Unknown value 0x32
>        Unknown value 0x2f
>        TLS_RSA_WITH_RC4_128_SHA
>        TLS_RSA_WITH_RC4_128_MD5
>        TLS_DHE_RSA_WITH_DES_CBC_SHA
>        TLS_DHE_DSS_WITH_DES_CBC_SHA
>        TLS_RSA_WITH_DES_CBC_SHA
>        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
>        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>        TLS_RSA_EXPORT_WITH_RC4_40_MD5
>        compression methods
>                  NULL
> 7 2  0.0811 (0.0005)  S>C  Handshake
>      ServerHello
>        Version 3.1 
>        session_id[32]=
>          1b 63 c6 56 b0 aa 18 a0 57 3b 26 84 8a d8 5a d1 
>          ae 71 b2 9f 87 ff 02 31 d3 33 4d 7f 51 71 73 2e 
>        cipherSuite         Unknown value 0x35
>        compressionMethod                   NULL
> 7 3  0.0811 (0.0000)  S>C  Handshake
>      Certificate
> 7 4  0.0811 (0.0000)  S>C  Handshake
>      ServerHelloDone
> 7 5  0.1364 (0.0552)  C>S  Handshake
>      ClientKeyExchange
> 7 6  0.1364 (0.0000)  C>S  ChangeCipherSpec
> 7 7  0.1364 (0.0000)  C>S  Handshake
> 7 8  0.1375 (0.0010)  S>C  ChangeCipherSpec
> 7 9  0.1375 (0.0000)  S>C  Handshake
> 7 10 0.1934 (0.0559)  C>S  application_data
> 7 11 0.1934 (0.0000)  C>S  application_data
> 7 12 0.1942 (0.0007)  S>C  application_data
> 7 13 0.2565 (0.0623)  C>S  application_data
> 7 14 0.2565 (0.0000)  C>S  application_data
> 7 15 0.2587 (0.0022)  S>C  application_data
> 
> Register succeeds, no error in the TLS channel, socket connection remains
> open for subsequent interactions.
> 
> @Yufei - perhaps you are able to confirm the same behaviour using ssldump
> too.
> 
> 
> best regards,
> 
> Ian


--
View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Re-opensips-1-7-tls-problems-tp6749293p6885031.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
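
The comparison made by eye in the quoted traces can be scripted. The following is an added example, not part of the original post and not code from ssldump or OpenSIPS: it scans one ssldump connection trace and reports the first failure indicator, together with whether the handshake had completed and how much application data had flowed by then. The name `first_failure` and the returned fields are assumptions made for this example; the trace strings are record lines copied from the two traces quoted above, with the handshake details omitted.

```python
import re

# ssldump record line: "<conn> [<rec>] <time> (<delta>)  <dir>  <type>". TCP events carry
# no record number and the type may be glued to the direction ("S>CShort record").
RECORD = re.compile(r"^(\d+)\s+(?:(\d+)\s+)?\d+\.\d+\s+\(\d+\.\d+\)\s+([CS]>[CS])\s*(.+?)\s*$")
UNKNOWN = re.compile(r"Unknown SSL content type (\d+)")
FAILURES = ("Alert", "Short record", "TCP RST")

def first_failure(trace):
    """Return details of the first failure indicator in one connection, or None."""
    ccs, app_data, last_rec = set(), {"C>S": 0, "S>C": 0}, None
    for raw in trace.splitlines():
        line = raw.lstrip("> ").rstrip()  # tolerate mail-quoted traces
        unknown, rec = UNKNOWN.search(line), RECORD.match(line)
        kind = rec.group(4) if rec else None
        if unknown or kind in FAILURES:
            event = "unknown content type " + unknown.group(1) if unknown else kind
            return {"event": event, "after_record": last_rec,
                    "handshake_done": ccs == {"C>S", "S>C"}, "app_data": app_data}
        if rec and rec.group(2):
            last_rec = int(rec.group(2))
        if kind == "ChangeCipherSpec":
            ccs.add(rec.group(3))      # remember which side switched to encryption
        elif kind == "application_data":
            app_data[rec.group(3)] += 1
    return None

# Record lines copied from the traces quoted above (handshake details omitted).
TRACE_170 = """\
8 6  0.1546 (0.0000)  C>S  ChangeCipherSpec
8 8  0.1557 (0.0010)  S>C  ChangeCipherSpec
8 10 0.2133 (0.0575)  C>S  application_data
8 11 0.2133 (0.0000)  C>S  application_data
8 12 0.2140 (0.0007)  S>C  application_data
Unknown SSL content type 83
8 13 0.2686 (0.0545)  C>S  Alert
8 14 0.2686 (0.0000)  S>CShort record
8    0.2689 (0.0000)  S>C  TCP RST
"""
TRACE_164 = """\
7 6  0.1364 (0.0000)  C>S  ChangeCipherSpec
7 8  0.1375 (0.0010)  S>C  ChangeCipherSpec
7 10 0.1934 (0.0559)  C>S  application_data
7 11 0.1934 (0.0000)  C>S  application_data
7 12 0.1942 (0.0007)  S>C  application_data
7 13 0.2565 (0.0623)  C>S  application_data
7 14 0.2565 (0.0000)  C>S  application_data
7 15 0.2587 (0.0022)  S>C  application_data
"""
```

Calling `first_failure(TRACE_170)` reports the unknown content type after record 12, with the handshake complete in both directions, while `first_failure(TRACE_164)` returns `None`.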


