[OpenSIPS-Users] sip-ChatServer Not accepting TLS Cert from Client

mani sivaraman mani.opensips at gmail.com
Mon Nov 23 23:06:52 CET 2009 

sip-ChatServer is the MSRP Chat Server written in Python (by AG) and runs in
conjunction with opensips Server. OPensips routes chat session request INV
to sip-chatServer to handle it. This is more of a question for
sip-ChatServer. The sip-ChatServer accepts the INV and creates a chat room
and the sip session is established. But it rejects the incoming MSRPS media
connection. I guess it is due to client cert. I generated self signed client
auth cert on my PC using openssl. The following is the SSL Dump on the
server during connection.

Any pointer why the chat server rejects MSRPS connection will be
appreciated.

*Chat-Server Logs:*

Listening for incoming MSRPS connections on 63.148.166.215:2858

Incoming connection from 63.148.166.3:50233

Closed connection to 63.148.166.3:50233



*SSL DUMP on Server ( when trying to connect to sip-chatServer ) :***

New TCP connection #2: 63.148.166.3(51615) <-> smithmicro.com(2858)

2 1  0.0004 (0.0004)  C>S  Handshake

      ClientHello

        Version 3.1

        cipher suites

        Unknown value 0x39

        Unknown value 0x38

        Unknown value 0x35

        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

        TLS_RSA_WITH_3DES_EDE_CBC_SHA

        Unknown value 0x33

        Unknown value 0x32

        Unknown value 0x2f

        TLS_RSA_WITH_IDEA_CBC_SHA

        TLS_DHE_DSS_WITH_RC4_128_SHA

        TLS_RSA_WITH_RC4_128_SHA

        TLS_RSA_WITH_RC4_128_MD5

        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA

        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

        TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5

        TLS_DHE_RSA_WITH_DES_CBC_SHA

        TLS_DHE_DSS_WITH_DES_CBC_SHA

        TLS_RSA_WITH_DES_CBC_SHA

        TLS_DHE_DSS_WITH_RC2_56_CBC_SHA

        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

        TLS_RSA_EXPORT1024_WITH_RC4_56_MD5

        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

        TLS_RSA_EXPORT_WITH_RC4_40_MD5

        compression methods

                  NULL

2 2  0.0015 (0.0010)  S>C  Handshake

      ServerHello

        Version 3.1

        session_id[32]=

          e2 f0 2c 8d cf f1 11 fc 0c f6 e9 7e e2 5d 67 75

          4f 13 39 40 c7 f0 20 dc 57 9e 3a 2b 05 40 93 93

        cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA

        compressionMethod                   NULL

2 3  0.2746 (0.2730)  S>C  Handshake

      Certificate

*2 4  0.2746 (0.0000)  S>C  Handshake*

*      CertificateRequest*

*        certificate_types                   rsa_sign*

*        certificate_types                   dss_sign*

2 5  0.2746 (0.0000)  S>C  Handshake

      ServerHelloDone

2 6  0.2766 (0.0020)  C>S  Handshake

      Certificate

2 7  0.2766 (0.0000)  C>S  Handshake

      ClientKeyExchange

2 8  0.2766 (0.0000)  C>S  ChangeCipherSpec

2 9  0.2766 (0.0000)  C>S  Handshake

2 10 0.2826 (0.0059)  S>C  ChangeCipherSpec

2 11 0.6027 (0.3201)  S>C  Handshake

2 12 0.6087 (0.0060)  C>S  application_data

2 13 0.6087 (0.0000)  C>S  application_data

2 14 0.6109 (0.0021)  S>C  application_data

2 15 0.6114 (0.0004)  S>C  Alert

2    0.6114 (0.0000)  S>C  TCP FIN

2 16 0.6341 (0.0227)  C>S  Alert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.opensips.org/pipermail/users/attachments/20091123/a3585d4b/attachment-0001.htm

More information about the Users mailing list