2 Jan
2007
2 Jan
'07
3:28 p.m.
Thanks Klaus.
On 12/29/06, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
The only free TLS-capeable client is minisip.
Commercial phones with TLs support are eyebeam (IMO the best client
available and IMO worth the 60$) and the SNOM hardphones.
MAybe the free snom softphone also supports TLS - but I do not know.
regards
klaus
On Fri, December 29, 2006 15:21, Ncheeku Baranov said:
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
Thanks Steffen. Is there any freely available tls
client which can be
used
to check this settings and the handshake? That
will be really helpful..
Best regards,
NCheeku
On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
>
> Hello Ncheeku,
>
> change to the directory with your ".pem"
> files: /usr/local/etc/openser/tls/user
>
>
> Then you can test your TLS handshake with the following command:
>
> openssl s_server -cert user-cert.pem -key user-privkey.pem -state
> -accept
> 5061
>
> Openssl simulates a TLS server with your certificate/private key files
> and it accepts only requests at port 5061.
>
>
> Best regards,
> Steffen
>
>
>
> 2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> > Thanks a lot Steffen. Adding the new listen =
> udp:10.30.100.41:5060indeed
> > worked. How can I check the TLS handshake using openssl at the
server?
> > Thanks a lot..
> >
> >
> >
> > On 12/28/06, Steffen Witt <witt.steffen(a)googlemail.com> wrote:
> > > Hello again,
> > >
> > > maybe you should add the following line to test your non-TLS UAs:
> > >
> > > disable_tls = 0
> > > listen = udp:10.30.100.41:5060 <---
> > > listen = tls:10.30.100.41:5061
> > >
> > >
> > > You can check your TLS handshake by simulating your server with
> openssl.
> > >
> > >
> > > Please have a look at the following link that describes the TLS
> support:
> > >
> > > http://www.openser.org/docs/tls.html
> > >
> > >
> > > Best regards,
> > > Steffen
> > >
> > >
> > >
> > >
> > > 2006/12/28, Ncheeku Baranov <opensersubscribe(a)gmail.com>om>:
> > > > Hi,
> > > >
> > > > I am trying to make my non-TLS/TLS UA register with my TLS
enabled
openSER.
> > Currently I am just working on my local machine with the client
UAs
on
the
> > same subnet,(so there is only one domain, but its not named).
Below
is
my
> > configuration file:
> >
> > disable_tls = 0
> > listen = tls:10.30.100.41:5061
> > tls_verify_server = 1
> > tls_verify_client = 0
> > tls_require_client_certificate = 0
> > tls_method = TLSv1
> > tls_certificate =
"/usr/local/etc/openser/tls/user/user-
> > cert.pem"
> > tls_private_key =
"/usr/local/etc/openser/tls/user/user-
> > privkey.pem"
> > tls_ca_list =
> > "usr/local/etc/openser/tls/user/user-calist.pem"
> >
> > However, with the above configuration the client UAs couldnot
register
and I
> > got 408 Request Time out Message. Is there any field that is
missing
to
make
> > this simple scenario work? What should be the values of
"tls_client_domain"
> > and "tls_server_domain" fields in this case?
> >
> > I noticed that when I start the openSER without TLS support using
> > "openserctl start" and do "ps -e" after that, there are
more
openSER
> > processes running than if I start
openSER with TLS support in
which
case
I
> > see very few of these processes running.
> >
> > Your help is much appreciated....
> >
> > Best regards,
> > NCheeku
> >
> > _______________________________________________
> > Users mailing list
> > Users(a)openser.org
> > http://openser.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
>