Re: [SR-Users] Enable session_id in ServerHello for TLS

the snom softphone: http://www.chip.de/downloads/360-Softphone_14364878.html it's completely outdated. and therefore good for such backwards compatible tests.

Kristijan 2012/3/12 Daniel-Constantin Mierla<miconda(a)gmail.com>om>: > > Hello, > > thanks for reporting back it's working -- please keep the mailing list > cc-ed, so people looking for same issue will be able to find it when > searching the web archive. > > I am using snom3xx with tls and kamailio 3.x a lot, never had issues, but > I > have no clue about the softphone.exe > > Cheers, > Daniel > > > On 3/11/12 8:09 PM, Kristijan Vrban wrote: >> >> Hello Daniel, >> >> many thanks for the fast reply, And yes, the session_cache option >> solved my problem. Well... the device i used was the immemorial >> snom360 softphone.exe >> running with wine :) The softphone i use since years for TLS testing. >> >> Kristijan >> >> 2012/3/11 Daniel-Constantin Mierla<miconda(a)gmail.com>om>: >>> >>> Hello, >>> >>> >>> On 3/11/12 1:28 AM, Kristijan Vrban wrote: >>>> >>>> Hello, how to tell that Kamailio should juse a session_id for tls ? >>>> See ssldump output below. I reckon that this is the reason the >>>> client i use end with "handshake_failure". Because when is use >>>> opensips, there is the session_id, and it's working. >>>> >>>> Kristijan >>>> >>>> 2 1  0.0228 (0.0228)  C>S  Handshake >>>>       ClientHello >>>>         Version 3.1 >>>>         cipher suites >>>>         TLS_RSA_WITH_RC4_128_MD5 >>>>         TLS_RSA_WITH_RC4_128_SHA >>>>         TLS_RSA_WITH_NULL_MD5 >>>>         TLS_RSA_WITH_NULL_SHA >>>>         TLS_DH_anon_WITH_3DES_EDE_CBC_SHA >>>>         TLS_DH_anon_WITH_RC4_128_MD5 >>>>         TLS_RSA_WITH_DES_CBC_SHA >>>>         TLS_RSA_EXPORT1024_WITH_RC4_56_SHA >>>>         TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA >>>>         TLS_DH_anon_WITH_DES_CBC_SHA >>>>         compression methods >>>>                   NULL >>>> 1    0.0519 (0.0519)  C>S  TCP FIN >>>> 2 2  0.0432 (0.0204)  S>C  Handshake >>>>       ServerHello >>>>         Version 3.1 >>>>         session_id[0]= >>>> >>>>         cipherSuite         TLS_RSA_WITH_RC4_128_MD5 >>>>         compressionMethod                   NULL >>>> 2 3  0.0432 (0.0000)  S>C  Handshake >>>>       Certificate >>>> 2 4  0.0432 (0.0000)  S>C  Handshake >>>>       ServerHelloDone >>>> 2 5  0.0452 (0.0020)  C>S  Alert >>>>     level           fatal >>>>     value           handshake_failure >>>> 1    0.0744 (0.0225)  S>C  TCP FIN >>>> 2    0.0681 (0.0228)  S>C  TCP FIN >>> >>> the tls module has now the option to turn on/off session caching, which >>> was >>> on by default in openser 1.x. Now it is off as it does not make much >>> benefits with out multi-process architecture. Try to add to your >>> config: >>> >>> modparam("tls", "session_cache", 1) >>> >>> Let me know if works -- the module parameter is missing from the >>> readme, >>> perhaps the author forgot to add it at the time of development -- I >>> will >>> try >>> to sync the sources and the readme for tls module asap. >>> >>> Cheers, >>> Daniel >>> >>> -- >>> Daniel-Constantin Mierla >>> Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany >>> http://www.asipto.com/index.php/kamailio-advanced-training/ >>> > -- > Daniel-Constantin Mierla > Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany > http://www.asipto.com/index.php/kamailio-advanced-training/ >