[OpenSIPS-Users] Help - opensips tls with windows messenger 5.1 tls connection issue

Suraj Kumar suraj_1998 at hotmail.com
Wed Nov 5 02:27:09 CET 2008 

Hi all,
 
I have been using ser and openser for quite a long time and recently installed opensips ( v1.4.2-tls) with TLS enabled to test tls with windows messenger but unable to establish TLS connection.
 
I used the certificates created from opensipsctl tool and also external tools with self signed root CA but tls connection seems to have some issues. After googled on internet there are few examples but none seems to have worked for me.
 
I have both the opensips and the windows messenger on the same LAN so there is no NAT or firewall issues as I can see the ssldump that has the packets flowing as below:
 
-------------------------------------
New TCP connection #9: ps-laptop(1268) <-> 192.168.1.90(5061)9 1  0.0023 (0.0023)  C>S  Handshake      ClientHello        Version 3.1         cipher suites        TLS_RSA_WITH_RC4_128_MD5        TLS_RSA_WITH_RC4_128_SHA        TLS_RSA_WITH_3DES_EDE_CBC_SHA        TLS_RSA_WITH_DES_CBC_SHA        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA        TLS_RSA_EXPORT_WITH_RC4_40_MD5        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA        TLS_DHE_DSS_WITH_DES_CBC_SHA        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA        compression methods                  NULL9 2  0.0037 (0.0014)  S>C  Handshake      ServerHello        Version 3.1         session_id[32]=          ed 7d c7 4d 37 b5 ae 96 78 28 42 80 3c b9 c9 4b           99 55 f8 0a ce 43 61 70 19 50 e8 69 02 db 27 ee         cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA        compressionMethod                   NULL9 3  0.0038 (0.0000)  S>C  Handshake      Certificate9 4  0.0038 (0.0000)  S>C  Handshake      ServerHelloDone9    0.0159 (0.0120)  C>S  TCP FIN9    0.0168 (0.0009)  S>C  TCP FIN--------------
from the opensips log it appears some error on ssl without further description and not sure what causing this to break.
 
--------------------------------------
Nov  4 15:25:11 [29963] DBG:core:print_ip: tcpconn_new: new tcp connection to: 192.168.1.92Nov  4 15:25:11 [29963] DBG:core:tcpconn_new: on port 1545, type 3Nov  4 15:25:11 [29963] DBG:core:tls_tcpconn_init: entered: Creating a whole new ssl connectionNov  4 15:25:11 [29963] DBG:core:tls_tcpconn_init: looking up socket based TLS server domain [192.168.1.90:5061]Nov  4 15:25:11 [29963] DBG:core:tls_find_server_domain: virtual TLS server domain not found, Using default TLS server domain settingsNov  4 15:25:11 [29963] DBG:core:tls_tcpconn_init: found socket based TLS server domain [0.0.0.0:0]Nov  4 15:25:11 [29963] DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server)Nov  4 15:25:11 [29963] DBG:core:tcpconn_add: hashes: 713, 3Nov  4 15:25:11 [29963] DBG:core:handle_new_connect: new connection: 0xb608d058 16 flags: 0002Nov  4 15:25:11 [29963] DBG:core:send2child: to tcp child 0 0(29959), 0xb608d058Nov  4 15:25:11 [29959] DBG:core:handle_io: received n=4 con=0xb608d058, fd=11Nov  4 15:25:11 [29959] DBG:core:io_watch_add: io_watch_add(0x8174fe0, 11, 2, 0xb608d058), fd_no=1Nov  4 15:25:11 [29959] DBG:core:tls_update_fd: New fd is 11Nov  4 15:25:11 [29959] DBG:core:tls_update_fd: New fd is 11Nov  4 15:25:11 [29959] ERROR:core:tls_accept: some error in SSL:Nov  4 15:25:11 [29959] DBG:core:io_watch_del: io_watch_del (0x8174fe0, 11, -1, 0x10) fd_no=2 calledNov  4 15:25:11 [29959] DBG:core:release_tcpconn:  releasing con 0xb608d058, state -2, fd=11, id=3Nov  4 15:25:11 [29959] DBG:core:release_tcpconn:  extra_data 0xb609d170Nov  4 15:25:11 [29963] DBG:core:handle_tcp_child: reader response= b608d058, -2 from 0 Nov  4 15:25:11 [29963] DBG:core:tcpconn_destroy: destroying connection 0xb608d058, flags 0002Nov  4 15:25:11 [29963] DBG:core:tls_close: closing SSL connectionNov  4 15:25:11 [29963] DBG:core:tls_update_fd: New fd is 16Nov  4 15:25:11 [29963] DBG:core:tls_shutdown: shutdown successfulNov  4 15:25:11 [29963] DBG:core:tls_tcpconn_clean: entered
 
-----------------------------
any help in this regard is hightly appreciated.
 
thanks in advance
ps
 
_________________________________________________________________
Stay up to date on your PC, the Web, and your mobile phone with Windows Live.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093185mrt/direct/01/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20081105/f98aacc6/attachment-0001.htm

More information about the Users mailing list