Thanks Steffen. Is there any freely available tls client which can be used to check this settings and the handshake? That will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen@googlemail.com> wrote:
Hello Ncheeku,
change to the directory with your ".pem" files: /usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe@gmail.com>:
> Thanks a lot Steffen. Adding the new listen = udp:
10.30.100.41:5060 indeed
> worked. How can I check the TLS handshake using openssl at the server?
> Thanks a lot..
>
>
>
> On 12/28/06, Steffen Witt <
witt.steffen@googlemail.com> wrote:
> > Hello again,
> >
> > maybe you should add the following line to test your non-TLS UAs:
> >
> > disable_tls = 0
> > listen = udp:10.30.100.41:5060 <---
> > listen = tls:10.30.100.41:5061
> >
> >
> > You can check your TLS handshake by simulating your server with openssl.
> >
> >
> > Please have a look at the following link that describes the TLS support:
> >
> >
http://www.openser.org/docs/tls.html
> >
> >
> > Best regards,
> > Steffen
> >
> >
> >
> >
> > 2006/12/28, Ncheeku Baranov <
opensersubscribe@gmail.com>:
> > > Hi,
> > >
> > > I am trying to make my non-TLS/TLS UA register with my TLS enabled
> openSER.
> > > Currently I am just working on my local machine with the client UAs on
> the
> > > same subnet,(so there is only one domain, but its not named). Below is
> my
> > > configuration file:
> > >
> > > disable_tls = 0
> > > listen = tls:10.30.100.41:5061
> > > tls_verify_server = 1
> > > tls_verify_client = 0
> > > tls_require_client_certificate = 0
> > > tls_method = TLSv1
> > > tls_certificate =
> "/usr/local/etc/openser/tls/user/user-
> > > cert.pem"
> > > tls_private_key =
> "/usr/local/etc/openser/tls/user/user-
> > > privkey.pem"
> > > tls_ca_list =
> > > "usr/local/etc/openser/tls/user/user-calist.pem"
> > >
> > > However, with the above configuration the client UAs couldnot register
> and I
> > > got 408 Request Time out Message. Is there any field that is missing to
> make
> > > this simple scenario work? What should be the values of
> "tls_client_domain"
> > > and "tls_server_domain" fields in this case?
> > >
> > > I noticed that when I start the openSER without TLS support using
> > > "openserctl start" and do "ps -e" after that, there are more openSER
> > > processes running than if I start openSER with TLS support in which case
> I
> > > see very few of these processes running.
> > >
> > > Your help is much appreciated....
> > >
> > > Best regards,
> > > NCheeku
> > >
> > > _______________________________________________
> > > Users mailing list
> > >
Users@openser.org
> > > http://openser.org/cgi-bin/mailman/listinfo/users
> > >
> > >
> > >
> >
>
>