[OpenSIPS-Users] TLS Cypher Renegotiation & WireShark or SIPTrace

JamesH james at ip-sentinel.com
Thu Sep 26 04:09:01 EDT 2019

I'm trying to use Wireshark to examine my SIP Traffic for an OpenSIPS relay
between MS Teams and my SIP Provider.  I'm missing AKS from MS Teams and
want to look at VIA, RECORD-ROUTE & CONTACT fields in the sip header to
check if the correct info is there for the ACK reply to route back

The set up is this:

MS Teams <- tls -> OpenSIPS <- udp -> voicehosts

It's difficult to capture a TLS Debug with TCP dump so I am coercing the
cyphers used in the encryption handshake with* modparam("tls_mgm",
"ciphers_list","AES256-SHA")* This does not have Perfect Forward security so
WireShark can decode the traffic with my TLS private key.

It works fine for any call coming from VoiceHosts and I get a full view of
all the traffic as OpenSIPS is instantiating the TLS to MSTeams using the
AES256-SHA cypher

/However/ the MS Teams connection re-negotiates the TLS to a PFS cypher. 
But why?  I've told OpenSIPS what cypher I want it to use so why does it
allow re-negotiation?

TLS message from MS Teams
[Headers removed]
Transport Layer Security
    TLSv1.2 Record Layer: Handshake Protocol: Certificate
    TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
    TLSv1.2 Record Layer: Handshake Protocol: Certificate Verify
    *TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec*
    TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message

How do I have OpenSIPS respect that I only want to use the AES256-SHA cypher
for TLS?

Alternatively without having to build a HOMER server how do I dump all sip
traffic that OpenSIPS sends to & fro?  I'm currently trying to use
sip_trace("$var(trace_id)", "d"); but with no output.  I've also gone for
log level 4 but that doesn't get everything and Debug mode is segfaulting on
OpenSSL versions and I don't want the pain of rebuilding the thing.

Sent from: http://opensips-open-sip-server.1449251.n2.nabble.com/OpenSIPS-Users-f1449235.html

More information about the Users mailing list