Jan Janak wrote:
Hi Klaus,
Klaus Darilion wrote:
Hi all!
I wonder if this TLS module is even working. First, I had to patch ser to allow settings for the default client TLS domain, but still I can't connect. Not even ser<-->ser works.
Yes, it works. Configuration of the client part was not done yet (see my email on serdev, it was mentioned there), I fixed that already and will commit it shortly. But this is not a problem as long as you only use the default client domain, because in that case you can just put the certificate in the default path and it will work.
I always get the following error on the client side:
ser[2559]: ERROR: tls_server.c:281: SSL error:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable
I've tried setting the cipher manually but I still get the same error. Is this TLS module really working for you?
I have tested this several times and it is working for me. Could you send me your tls configuration, so that I can retry it?
modparam("tls", "tls_log", 3)
modparam("tls", "send_timeout", 15)
modparam("tls", "handshake_timeout", 15)
modparam("tls", "connection_timeout", 120)

# default incoming (server) domain
modparam("tls", "method", "TLSv1")
modparam("tls", "verify_certificate", "0")
modparam("tls", "require_certificate", "0")
modparam("tls", "certificate", "/etc/proxyCert1/cert.pem")
modparam("tls", "private_key", "/etc/proxyCert1/privkey.pem")
modparam("tls", "ca_list", "/etc/demoCA/cacert.pem")

# default outgoing (client) domain
#
# add patch to support "@" for client configuration
#
modparam("tls", "method", "@TLSv1")
modparam("tls", "verify_certificate", "@0")
modparam("tls", "require_certificate", "@0")
modparam("tls", "certificate", "@/etc/proxyCert1/cert.pem")
modparam("tls", "private_key", "@/etc/proxyCert1/privkey.pem")
modparam("tls", "ca_list", "@/etc/demoCA/cacert.pem")

Note that I'm using my patch to configure the default client domain.
Regarding "TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable": Which openssl version do you use?
regards klaus