The strange thing is that Windows Messenger also tries to establish an
https connection.
In any case, you have to import the CA-cert you generated for signing
the TLS certificates into the Windows PC. (You can do it via the
Internet Explorer).
You can also try ssldump to trace the TLS handshake.
regards
klaus
Silvia talani wrote:
Hi,

I want to use OpenSer with TLS but when I try to connect to openser
with Windows Messenger I receive this message:
----------------------------------------------------------------------------------
"Impossible to establish an HTTPS or TCP connection."
----------------------------------------------------------------------------------
I used the TLS tutorial from openser site to configure TLS; I created
the certificates and this is my openser.cfg file:

# $Id: openser.cfg,v 1.5 2005/10/28 19:45:33 bogdan_iancu Exp $
# simple quick-start config script
# ----------- global configuration parameters ------------------------
debug=3 # debug level (cmd line: -dddddddddd)
fork=yes
log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
port=5060
children=4
fifo="/tmp/openser_fifo"
# uncomment the following lines for TLS support
disable_tls = 0
listen = tls:192.168.1.5:5061
tls_verify = 0
tls_require_certificate = 0
tls_method = SSLv23
tls_certificate = "/usr/local/etc/openser/tls/opensercert.pem"
tls_private_key = "/usr/local/etc/openser/tls/openser.pem"
tls_ca_list = "/usr/local/etc/openser/tls/calist.pem"
etc......
I captured with Ethereal the packets exchanged between the
server (192.168.1.5) and the client (192.168.1.98) and on the
openserver interface I found this dialog:
No.  Time       Source        Destination    Protocol  Info
1    0.000000   192.168.1.98  192.168.1.255  BROWSER   Host Announcement MARCO, Workstation, Server, NT Workstation
2    28.080507  192.168.1.98  Broadcast      ARP       Who has 192.168.1.5? Tell 192.168.1.98
3    28.080636  192.168.1.5   192.168.1.98   ARP       192.168.1.5 is at 00:50:fc:6d:0e:1e
4    28.080742  192.168.1.98  192.168.1.5    TCP       1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
5    28.080841  192.168.1.5   192.168.1.98   TCP       sip-tls > 1439 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
6    28.498558  192.168.1.98  192.168.1.5    TCP       1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
7    28.498674  192.168.1.5   192.168.1.98   TCP       sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
8    29.045430  192.168.1.98  192.168.1.5    TCP       1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
9    29.045538  192.168.1.5   192.168.1.98   TCP       sip-tls > 1439 [RST, ACK] Seq=0 Ack=1 Win=0 Len=0
10   29.048035  192.168.1.98  192.168.1.5    TCP       1440 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
11   29.048128  192.168.1.5   192.168.1.98   TCP       https > 1440 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
12   29.048245  192.168.1.98  192.168.1.5    TCP       1440 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0
13   29.118672  192.168.1.98  192.168.1.5    SSLv3     Client Hello
14   29.118795  192.168.1.5   192.168.1.98   TCP       https > 1440 [ACK] Seq=1 Ack=103 Win=5840 Len=0
Frame 14 (54 bytes on wire, 54 bytes captured)
15   31.192871  192.168.1.5   192.168.1.98   SSLv3     Server Hello, Certificate, Server Hello Done
16   31.256175  192.168.1.98  192.168.1.5    SSLv3     Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
17   31.256329  192.168.1.5   192.168.1.98   TCP       https > 1440 [ACK] Seq=741 Ack=307 Win=6432 Len=0
18   31.317188  192.168.1.5   192.168.1.98   SSLv3     Change Cipher Spec, Encrypted Handshake Message
19   31.318624  192.168.1.98  192.168.1.5    TCP       1440 > https [FIN, ACK] Seq=307 Ack=808 Win=64728 Len=0
20   31.335535  192.168.1.5   192.168.1.98   SSLv3     Encrypted Alert
21   31.335788  192.168.1.98  192.168.1.5    TCP       1440 > https [RST, ACK] Seq=308 Ack=831 Win=0 Len=0
....so it seems that server and client use the TLS and exchange the
certificate....
Can someone help me? Why are there the TCP RSTs? What is the Encrypted
Alert? Is the configuration file exact or not? What can I do to find the
problem and solve it?

Thanks!
Silvia
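
Added example, not part of either message: a small reader for the Ethereal summary lines quoted above that reports, per service port, how the server answered the client. The function name diagnose is hypothetical, and because summary lines carry no port numbers for SSL records, the code assumes they belong to the most recently accepted connection.

```python
import re

# Summary lines copied from the capture quoted above (archive link residue
# stripped). Server address and service names are the ones in that capture.
SERVER = "192.168.1.5"
CAPTURE = """\
4 28.080742 192.168.1.98 192.168.1.5 TCP 1439 > sip-tls [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
5 28.080841 192.168.1.5 192.168.1.98 TCP sip-tls > 1439 [RST, ACK] Seq=0 Ack=0 Win=0 Len=0
10 29.048035 192.168.1.98 192.168.1.5 TCP 1440 > https [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460
11 29.048128 192.168.1.5 192.168.1.98 TCP https > 1440 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
13 29.118672 192.168.1.98 192.168.1.5 SSLv3 Client Hello
15 31.192871 192.168.1.5 192.168.1.98 SSLv3 Server Hello, Certificate, Server Hello Done
16 31.256175 192.168.1.98 192.168.1.5 SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
18 31.317188 192.168.1.5 192.168.1.98 SSLv3 Change Cipher Spec, Encrypted Handshake Message
19 31.318624 192.168.1.98 192.168.1.5 TCP 1440 > https [FIN, ACK] Seq=307 Ack=808 Win=64728 Len=0
20 31.335535 192.168.1.5 192.168.1.98 SSLv3 Encrypted Alert
"""
TCP_INFO = re.compile(r"(\S+) > (\S+) \[([A-Z, ]+)\]")

def diagnose(text, server=SERVER):
    """Map each service the client tried on `server` to what happened there."""
    state, tls, current = {}, {}, None
    for line in text.strip().splitlines():
        _no, _ts, src, dst, proto, info = line.split(None, 5)
        m = TCP_INFO.match(info) if proto == "TCP" else None
        if m:
            flags = set(m.group(3).split(", "))
            # The service name is on the server's side of "a > b".
            svc = m.group(1) if src == server else m.group(2)
            if dst == server and flags == {"SYN"}:
                state.setdefault(svc, "no answer")
            elif src == server and "RST" in flags and state.get(svc) == "no answer":
                state[svc] = "refused: SYN answered with RST"
            elif src == server and flags == {"SYN", "ACK"}:
                state[svc], current = "accepted", svc
            elif dst == server and "FIN" in flags and tls.get(svc) == "done":
                state[svc] = "TLS handshake finished, then client closed"
        elif proto.startswith(("SSL", "TLS")) and current:
            # Assumption: SSL/TLS records belong to the last accepted connection.
            if src == server and "Change Cipher Spec" in info:
                tls[current] = "done"
    return state

if __name__ == "__main__":
    for service, verdict in diagnose(CAPTURE).items():
        print(f"{service:8} {verdict}")
```

On this capture the only SSL handshake is on https (port 443), while every SYN to sip-tls, the port named in the posted listen line, is answered with a RST before any TLS record is sent.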