Hi,
I want to use OpenSer with TLS but when I try to connect to openser with Windows Messenger I receive this message:
"Impossible to establish an HTTPS or TCP connection."
I used the TLS tutorial from the openser site to configure TLS; I created the certificates and this is my openser.cfg file:
# $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $
# simple quick-start config script
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:192.168.1.5:5061
tls_verify = 0
tls_require_certificate = 0
tls_method = SSLv23
tls_certificate = "/usr/local/etc/openser/tls/opensercert.pem"
tls_private_key = "/usr/local/etc/openser/tls/openser.pem"
tls_ca_list = "/usr/local/etc/openser/tls/calist.pem"
etc......
I captured with Ethereal the packets exchanged between the server (192.168.1.5) and the client (192.168.1.98), and on the openserver interface I found this dialog:
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.98 192.168.1.255 BROWSER Host Announcement MARCO, Workstation, Server, NT Workstation
2 28.080507 192.168.1.98 Broadcast ARP Who has 192.168.1.5? Tell 192.168.1.98
3 28.080636 192.168.1.5 192.168.1.98 ARP 192.168.1.5 is at 00:50:fc:6d:0e:1e
4 28.080742 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
5 28.080841 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
6 28.498558 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
7 28.498674 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
8 29.045430 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
9 29.045538 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
10 29.048035 192.168.1.98 192.168.1.5 TCP 1440 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
11 29.048128 192.168.1.5 192.168.1.98 TCP https > 1440 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
12 29.048245 192.168.1.98 192.168.1.5 TCP 1440 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
13 29.118672 192.168.1.98 192.168.1.5 SSLv3 Client Hello
14 29.118795 192.168.1.5 192.168.1.98 TCP https > 1440 [ACK] Seq=1 Ack=103 Win=5840 Len=0
15 31.192871 192.168.1.5 192.168.1.98 SSLv3 Server Hello, Certificate, Server Hello Done
16 31.256175 192.168.1.98 192.168.1.5 SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
17 31.256329 192.168.1.5 192.168.1.98 TCP https > 1440 [ACK] Seq=741 Ack=307 Win=6432 Len=0
18 31.317188 192.168.1.5 192.168.1.98 SSLv3 Change Cipher Spec, Encrypted Handshake Message
19 31.318624 192.168.1.98 192.168.1.5 TCP 1440 > https [FIN, ACK] Seq=307 Ack=808 Win=64728 Len=0
20 31.335535 192.168.1.5 192.168.1.98 SSLv3 Encrypted Alert
21 31.335788 192.168.1.98 192.168.1.5 TCP 1440 > https [RST, ACK] Seq=308 Ack=831 Win=0 Len=0
....so it seems that server and client use the TLS and exchange the certificate....
Can someone help me? Why are there the TCP RSTs? What is the Encrypted Alert? Is the configuration file exact or not? What can I do to find the problem and solve it?
Thanks!
Silvia
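As an added example (not part of Silvia's post and not OpenSER code), here is a small Python script that reads packet-list lines in the format above and flags the two patterns this capture shows: a SYN answered by RST, which means nothing accepts connections on that port, and a client that closes the TLS session right after the server's Finished without ever sending application data. The sample lines are copied from the capture above; the alert's type is not recoverable because it is encrypted.

```python
import re
# Constructed sample input: lines copied from the capture above (sip-tls and https flows only).
CAPTURE = """\
4 28.080742 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
5 28.080841 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
10 29.048035 192.168.1.98 192.168.1.5 TCP 1440 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
11 29.048128 192.168.1.5 192.168.1.98 TCP https > 1440 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
15 31.192871 192.168.1.5 192.168.1.98 SSLv3 Server Hello, Certificate, Server Hello Done
18 31.317188 192.168.1.5 192.168.1.98 SSLv3 Change Cipher Spec, Encrypted Handshake Message
19 31.318624 192.168.1.98 192.168.1.5 TCP 1440 > https [FIN, ACK] Seq=307 Ack=808 Win=64728 Len=0
20 31.335535 192.168.1.5 192.168.1.98 SSLv3 Encrypted Alert
"""
LINE_RE = re.compile(r"^(\d+)\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*)$")  # no. time src dst proto info
TCP_RE = re.compile(r"^(\S+) > (\S+) \[([^\]]+)\]")                    # sport > dport [flags]

def parse(line):
    """One summary line -> dict, or None for header/junk lines; TCP lines get ports and flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    no, src, dst, proto, info = m.groups()
    t = TCP_RE.match(info) if proto == "TCP" else None
    return {"no": int(no), "src": src, "dst": dst, "proto": proto, "info": info,
            "sport": t and t.group(1), "dport": t and t.group(2),
            "flags": {f.strip() for f in t.group(3).split(",")} if t else set()}

def diagnose(text):
    """Flag SYNs answered by RST and TLS sessions the client closed right after the handshake."""
    findings, syn_sent, servers, finished = [], {}, set(), {}
    for p in filter(None, map(parse, text.splitlines())):
        if p["proto"] == "TCP":
            reply_key = (p["dst"], p["src"], p["sport"])  # would match a SYN the peer sent
            if p["flags"] == {"SYN"}:
                syn_sent[(p["src"], p["dst"], p["dport"])] = p["no"]
            elif {"SYN", "ACK"} <= p["flags"]:
                servers.add(p["src"])
                syn_sent.pop(reply_key, None)
            elif "RST" in p["flags"] and reply_key in syn_sent:
                findings.append(f"#{p['no']}: {p['src']} refused {p['sport']} (RST to SYN #{syn_sent.pop(reply_key)}): no listener")
            elif "FIN" in p["flags"] and (p["src"], p["dst"]) in finished:
                findings.append(f"#{p['no']}: {p['src']} closed right after server Finished #{finished[(p['src'], p['dst'])]}, sent no data")
        elif p["proto"].startswith(("SSL", "TLS")):
            if "Change Cipher Spec" in p["info"] and p["src"] in servers:
                finished[(p["dst"], p["src"])] = p["no"]  # server's Finished: handshake complete
            elif "Application Data" in p["info"]:
                finished.pop((p["src"], p["dst"]), None)  # session got used, not abandoned
            elif "Encrypted Alert" in p["info"]:
                findings.append(f"#{p['no']}: {p['src']} sent an encrypted alert (type not visible)")
    return findings
```

Feeding it the full listing (header lines included, they are skipped) reports the refused sip-tls connections and the client-side close on the https session, which is what the three RST/alert questions above are about.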
The strange thing is that Windows Messenger also tries to establish an https connection.
In any case, you have to import the CA cert you generated for signing the TLS certificates into the Windows PC (you can do it via Internet Explorer).
You can also try ssldump to trace the TLS handshake.
regards klaus
Silvia talani wrote: