Hello,
thanks for reporting back that it's working -- please keep the mailing list cc-ed, so people looking for the same issue will be able to find it when searching the web archive.
I am using snom3xx with tls and kamailio 3.x a lot, never had issues, but I have no clue about the softphone.exe
Cheers, Daniel
On 3/11/12 8:09 PM, Kristijan Vrban wrote:
Hello Daniel,
many thanks for the fast reply, and yes, the session_cache option solved my problem. Well... the device I used was the immemorial snom360 softphone.exe running with wine :) The softphone I have used for years for TLS testing.
Kristijan
2012/3/11 Daniel-Constantin Mierla miconda@gmail.com:
Hello,
On 3/11/12 1:28 AM, Kristijan Vrban wrote:
Hello, how to tell that Kamailio should use a session_id for tls? See ssldump output below. I reckon that this is the reason the client I use ends with "handshake_failure". Because when I use opensips, there is the session_id, and it's working.
Kristijan
2 1  0.0228 (0.0228)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_NULL_MD5
        TLS_RSA_WITH_NULL_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_DH_anon_WITH_RC4_128_MD5
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
        TLS_DH_anon_WITH_DES_CBC_SHA
        compression methods
                  NULL
1    0.0519 (0.0519)  C>S  TCP FIN
2 2  0.0432 (0.0204)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[0]=

        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
        compressionMethod                   NULL
2 3  0.0432 (0.0000)  S>C  Handshake
      Certificate
2 4  0.0432 (0.0000)  S>C  Handshake
      ServerHelloDone
2 5  0.0452 (0.0020)  C>S  Alert
    level           fatal
    value           handshake_failure
1    0.0744 (0.0225)  S>C  TCP FIN
2    0.0681 (0.0228)  S>C  TCP FIN
The tls module now has the option to turn session caching on/off, which was on by default in openser 1.x. Now it is off, as it does not bring much benefit with our multi-process architecture. Try to add to your config:
modparam("tls", "session_cache", 1)
Let me know if it works -- the module parameter is missing from the readme, perhaps the author forgot to add it at the time of development -- I will try to sync the sources and the readme for tls module asap.
Cheers, Daniel
-- Daniel-Constantin Mierla Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany http://www.asipto.com/index.php/kamailio-advanced-training/
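Added example (not part of the original thread and not Kamailio code): a small Python check over ssldump text that reports the session_id length in the ServerHello, which side sent the fatal alert, and the legacy cipher suites the client offered. The function name `analyse` and the weak-suite pattern are assumptions of this example; the sample is the trace posted above, shortened.

```python
import re
# Constructed sample: the thread's ssldump trace, one field per line, shortened.
TRACE = """\
2 1  0.0228 (0.0228)  C>S  Handshake
      ClientHello
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_NULL_MD5
        TLS_RSA_WITH_NULL_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_DH_anon_WITH_RC4_128_MD5
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
        TLS_DH_anon_WITH_DES_CBC_SHA
2 2  0.0432 (0.0204)  S>C  Handshake
      ServerHello
        session_id[0]=
        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
2 5  0.0452 (0.0020)  C>S  Alert
    level           fatal
    value           handshake_failure
"""
RECORD = re.compile(r"^\d+(?: \d+)?\s+[\d.]+ \([\d.]+\)\s+(C>S|S>C)")  # record header
WEAK = re.compile(r"^TLS_\w*_(NULL|anon|EXPORT\d*|RC4|DES)_")  # assumed legacy markers

def analyse(trace):
    """Summarise session_id length, chosen suite, fatal alerts and weak suites offered."""
    out = {"session_id_len": None, "chosen": None, "fatal_alerts": [], "weak_offered": []}
    direction = level = None
    for line in trace.splitlines():
        m = RECORD.match(line)
        if m:  # a new record starts: remember who sent it
            direction, level = m.group(1), None
            continue
        tok = line.split() or [""]
        sid = re.match(r"session_id\[(\d+)\]=", tok[0])
        if direction == "S>C" and sid:  # length 0 means no resumable session offered
            out["session_id_len"] = int(sid.group(1))
        elif direction == "S>C" and tok[0] == "cipherSuite":
            out["chosen"] = tok[1]
        elif direction == "C>S" and WEAK.match(tok[0]):
            out["weak_offered"].append(tok[0])
        elif tok[0] == "level":
            level = tok[1]
        elif tok[0] == "value" and level == "fatal":
            out["fatal_alerts"].append((direction, tok[1]))
    return out
```

On this trace every suite the client offers is flagged, so any suite the server picks is a legacy one; the same function can be run on a capture taken after enabling session_cache to confirm the ServerHello now carries a non-empty session_id.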
the snom softphone: http://www.chip.de/downloads/360-Softphone_14364878.html
it's completely outdated. and therefore good for such backwards compatible tests.
Kristijan
On 3/12/12 4:31 PM, Kristijan Vrban wrote:
the snom softphone: http://www.chip.de/downloads/360-Softphone_14364878.html
it's completely outdated. and therefore good for such backwards compatible tests.
Interesting! Does it support client certificates? Or is it like with snom hardphones: it can use the server certificate for encryption, but you cannot set a client-side certificate to use for user authentication.
Cheers, Daniel
Does it support client certificate?
don't know. never tested.