29 Dec
2006
29 Dec
'06
9:55 p.m.
The only free TLS-capeable client is minisip.
Commercial phones with TLs support are eyebeam (IMO the best client
available and IMO worth the 60$) and the SNOM hardphones.
MAybe the free snom softphone also supports TLS - but I do not know.
regards
klaus
On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
Thanks Steffen. Is there any freely available tls
client which can be used
to check this settings and the handshake? That will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
Hello Ncheeku,
change to the directory with your ".pem"
files: /usr/local/etc/openser/tls/user
Then you can test your TLS handshake with the following command:
openssl s_server -cert user-cert.pem -key user-privkey.pem -state
-accept
5061
Openssl simulates a TLS server with your certificate/private key files
and it accepts only requests at port 5061.
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
UAs
on
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Thanks a lot Steffen. Adding the new listen =
udp:10.30.100.41:5060indeed
worked. How can I check the TLS handshake using
openssl at the server?
Thanks a lot..
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
> Hello again,
>
> maybe you should add the following line to test your non-TLS UAs:
>
> disable_tls = 0
> listen = udp:10.30.100.41:5060 <---
> listen = tls:10.30.100.41:5061
>
>
> You can check your TLS handshake by simulating your server with
openssl.
>
>
> Please have a look at the following link that describes the TLS
support:
http://www.openser.org/docs/tls.html
Best regards,
Steffen
2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> Hi,
>
> I am trying to make my non-TLS/TLS UA register with my TLS enabled
openSER.
> > Currently I am just working on my local machine with the client the
> > same subnet,(so there is only one domain, but its not named).
Below
is
my
register
> configuration file:
>
> disable_tls = 0
> listen = tls:10.30.100.41:5061
> tls_verify_server = 1
> tls_verify_client = 0
> tls_require_client_certificate = 0
> tls_method = TLSv1
> tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> cert.pem"
> tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> > privkey.pem"
> > tls_ca_list =
> > "usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > However, with the above configuration the client UAs couldnot and I
> > got 408 Request Time out Message. Is there any field that is
missing
to
make
openSER
> this simple scenario work? What should be
the values of
"tls_client_domain"
> > and "tls_server_domain" fields in this case?
> >
> > I noticed that when I start the openSER without TLS support using
> > "openserctl start" and do "ps -e" after that, there are
more > > processes running than if I start
openSER with TLS support in
which
case
I
> see very few of these processes running.
>
> Your help is much appreciated....
>
> Best regards,
> NCheeku
>
> _______________________________________________
> Users mailing list
> Users(a)openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
>
>