No subject


Wed Oct 26 15:22:07 CEST 2011


I've read the TLS tutorial
http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html

I can't get a snom or counterpath phone to register at all over TLS.  I'm not sure what is wrong.  The only errors I see when I start OpenSIPS are
Apr 30 00:08:27 SIPProxy01 opensips: WARNING:core:init_tls: disabling compression due ZLIB problems
Apr 30 00:08:27 SIPProxy01 opensips: INFO:core:init_tls_domains: Processing TLS domain [0.0.0.0:0]
Apr 30 00:08:27 SIPProxy01 opensips: WARNING:core:init_ssl_ctx_behavior: client verification NOT activated. Weaker security.
Apr 30 00:08:27 SIPProxy01 opensips: INFO:core:init_tls_domains: Processing TLS domain [0.0.0.0:0]
Apr 30 00:08:27 SIPProxy01 opensips: WARNING:core:init_ssl_ctx_behavior: server verification NOT activated. Weaker security.
Apr 30 00:08:27 SIPProxy01 /usr/local/sbin/opensips[11060]: NOTICE:core:main: version: opensips 1.8.0-dev0-tls (x86_64/linux)

To get the client cert to work with Snom I had to change the cacert.pem to a .der file.  So I did
sudo openssl x509 -in cacert.pem -out cacert.der -outform DER

For my config I have the following.

disable_tls = no
listen = tls:50.XX.XX.156:5061
tls_verify_server = 0
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
#tls_method = SSLv23
tls_certificate = "/usr/local/etc/opensips/tls/user/user-cert.pem"
tls_private_key = "/usr/local/etc/opensips/tls/user/user-privkey.pem"
tls_ca_list = "/usr/local/etc/opensips/tls/user/user-calist.pem"

From the Snom phone I can see the Register sent to the server

Sent to tls:50.XX.XX.156:5061 at 30/4/2012 00:09:11:335 (683 bytes):
REGISTER sip:i.com SIP/2.0
Via: SIP/2.0/TLS 192.168.1.70:3636;branch=z9hG4bK-brbd3nfa0aao;rport
From: "1000 - 6XX-6XX4" <sip:9016XX6XX4 at i.com>;tag=luco4y7th3
To: "1000 - 6XX-6XX4" <sip:9016XX6XX4 at i.com>
Call-ID: 3070263c3b8a-l2a7wl7yrrox
CSeq: 44 REGISTER
Max-Forwards: 70
Contact: <sip:9016XX6XX4 at 192.168.1.70:3636;transport=tls;line=2c34lho2>;reg-id=1;q=1.0;audio;mobility="fixed";duplex="full";description="snom821";actor="principal";events="dialog";methods="INVITE,ACK,CANCEL,BYE,REFER,OPTIONS,NOTIFY,SUBSCRIBE,PRACK,MESSAGE,INFO"
User-Agent: snom821/8.4.35
Allow-Events: dialog
X-Real-IP: 192.168.1.70
Supported: path
Expires: 3600
Content-Length: 0

I don't see anything at all in the syslog.  I did a debug 4 too.  If I do a
ssldump I only see the following

New TCP connection #101: 99-67-237-217.lightspeed.austtx.sbcglobal.net(4801) <-> 50-XX-XX-156.static.cloud-ips.com(5061)
101 1  0.0562 (0.0562)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_NULL_MD5
        TLS_RSA_WITH_NULL_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_DH_anon_WITH_RC4_128_MD5
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
        TLS_DH_anon_WITH_DES_CBC_SHA
        compression methods
                  NULL

So it looks like there is no S>C

Any ideas?
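Added example, not part of the original post: a small Python audit of an ssldump ClientHello like the one above, reporting which offered cipher suites are weak and whether any server record (S>C) was captured. The sample trace is constructed (host names are placeholders), and the WEAKNESS table and the audit_trace name are this example's own choices.

```python
import re

# Constructed sample in ssldump's layout, modelled on the trace in the post.
SAMPLE = """\
New TCP connection #101: client.example(4801) <-> proxy.example(5061)
101 1  0.0562 (0.0562)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_NULL_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
        compression methods
                  NULL
"""

# Substring of the suite name -> why the suite should not be negotiated.
WEAKNESS = [
    ("_NULL_", "no encryption"),
    ("_anon_", "unauthenticated key exchange"),
    ("EXPORT", "export-grade key length"),
    ("_DES_CBC_", "single DES"),
    ("RC4", "RC4 stream cipher"),
    ("_MD5", "MD5 MAC"),
]
RECORD = re.compile(r"^\d+\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s")

def audit_trace(text):
    """Return (offered suites mapped to their weaknesses, True if an S>C record was seen)."""
    suites, server_seen, in_suites = {}, False, False
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:  # a new TLS record header ends any cipher-suite list
            server_seen = server_seen or m.group(1) == "S>C"
            in_suites = False
        elif line.strip() == "cipher suites":
            in_suites = True
        elif in_suites and line.strip().startswith("TLS_"):
            name = line.strip()
            suites[name] = [why for tag, why in WEAKNESS if tag in name]
        elif in_suites:
            in_suites = False  # "compression methods" closes the list
    return suites, server_seen

if __name__ == "__main__":
    offered, answered = audit_trace(SAMPLE)
    print(offered, "server replied:", answered)
```

A False second value matches the poster's observation that the capture holds no S>C record; the audit reports what was offered and seen, not why the server stayed silent.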


