[OpenSIPS-Users] opensips 1.7+tls problems

Ian Buckner ian.buckner1 at googlemail.com
Wed Aug 31 13:44:49 CEST 2011


I just wanted to pick up on question 1 as I have the same problem and may have got slightly further in tracing this:

Using ssldump I see the following during the initial REGISTER operation:

On OpenSIPS 1.7.0
---------------------------
New TCP connection #8: 81.5.147.34(61584) <-> myserver(5672)
8 1  0.0996 (0.0996)  C>S  Handshake
      ClientHello
        Version 3.1 
        cipher suites
        Unknown value 0x39
        Unknown value 0x38
        Unknown value 0x35
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0x33
        Unknown value 0x32
        Unknown value 0x2f
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        compression methods
                  NULL
8 2  0.1001 (0.0005)  S>C  Handshake
      ServerHello
        Version 3.1 
        session_id[32]=
          0a 84 43 7a 4b 15 d9 11 f9 ca 51 f2 33 30 c3 07 
          12 dd 35 a1 33 e1 43 fc 14 84 f6 0d 98 67 93 97 
        cipherSuite         Unknown value 0x35
        compressionMethod                   NULL
8 3  0.1001 (0.0000)  S>C  Handshake
      Certificate
8 4  0.1001 (0.0000)  S>C  Handshake
      ServerHelloDone
8 5  0.1546 (0.0545)  C>S  Handshake
      ClientKeyExchange
8 6  0.1546 (0.0000)  C>S  ChangeCipherSpec
8 7  0.1546 (0.0000)  C>S  Handshake
8 8  0.1557 (0.0010)  S>C  ChangeCipherSpec
8 9  0.1557 (0.0000)  S>C  Handshake
8 10 0.2133 (0.0575)  C>S  application_data
8 11 0.2133 (0.0000)  C>S  application_data
8 12 0.2140 (0.0007)  S>C  application_data
Unknown SSL content type 83
8 13 0.2686 (0.0545)  C>S  Alert
8 14 0.2686 (0.0000)  S>CShort record
8 15 0.2686 (0.0000)  S>C  Alert
8 16 0.2688 (0.0002)  S>C  Alert
8    0.2689 (0.0000)  S>C  TCP RST

i.e. an error on the first piece of application data sent from OpenSIPS back to the client. In my case, the Blink 1.2.0 client shows as registered (confirmed by opensipsctl ul show) but the TLS socket has been torn down.

Rolling back to 1.6.4-2, using the same certificates and TLS configuration:

On OpenSIPS 1.6.4-2
----------------------------
New TCP connection #7: 81.5.147.34(61303) <-> myserver(5672)
7 1  0.0806 (0.0806)  C>S  Handshake
      ClientHello
        Version 3.1 
        cipher suites
        Unknown value 0x39
        Unknown value 0x38
        Unknown value 0x35
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0x33
        Unknown value 0x32
        Unknown value 0x2f
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        compression methods
                  NULL
7 2  0.0811 (0.0005)  S>C  Handshake
      ServerHello
        Version 3.1 
        session_id[32]=
          1b 63 c6 56 b0 aa 18 a0 57 3b 26 84 8a d8 5a d1 
          ae 71 b2 9f 87 ff 02 31 d3 33 4d 7f 51 71 73 2e 
        cipherSuite         Unknown value 0x35
        compressionMethod                   NULL
7 3  0.0811 (0.0000)  S>C  Handshake
      Certificate
7 4  0.0811 (0.0000)  S>C  Handshake
      ServerHelloDone
7 5  0.1364 (0.0552)  C>S  Handshake
      ClientKeyExchange
7 6  0.1364 (0.0000)  C>S  ChangeCipherSpec
7 7  0.1364 (0.0000)  C>S  Handshake
7 8  0.1375 (0.0010)  S>C  ChangeCipherSpec
7 9  0.1375 (0.0000)  S>C  Handshake
7 10 0.1934 (0.0559)  C>S  application_data
7 11 0.1934 (0.0000)  C>S  application_data
7 12 0.1942 (0.0007)  S>C  application_data
7 13 0.2565 (0.0623)  C>S  application_data
7 14 0.2565 (0.0000)  C>S  application_data
7 15 0.2587 (0.0022)  S>C  application_data

Register succeeds, no error in the TLS channel, socket connection remains open for subsequent interactions.

@Yufei - perhaps you are able to confirm the same behaviour using ssldump too.


best regards,

Ian
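
An added example, not part of the post above or of OpenSIPS: a small Python helper that scans ssldump text output for the first error symptom (unknown content type, short record, alert, TCP RST) and reports the last clean record before it, so two traces like the ones above can be compared mechanically. The function name, the symptom list and the abridged sample traces are constructed for this example.

```python
import re

# Constructed samples: record lines abridged from the two traces in the post.
TRACE_170 = """\
8 10 0.2133 (0.0575)  C>S  application_data
8 11 0.2133 (0.0000)  C>S  application_data
8 12 0.2140 (0.0007)  S>C  application_data
Unknown SSL content type 83
8 13 0.2686 (0.0545)  C>S  Alert
8 14 0.2686 (0.0000)  S>CShort record
8    0.2689 (0.0000)  S>C  TCP RST
"""
TRACE_164 = """\
7 12 0.1942 (0.0007)  S>C  application_data
7 13 0.2565 (0.0623)  C>S  application_data
7 15 0.2587 (0.0022)  S>C  application_data
"""

# conn, optional record number, timestamp, delta, direction, record type
RECORD = re.compile(r"^(\d+)\s+(?:(\d+)\s+)?(\d+\.\d+)\s+\((\d+\.\d+)\)"
                    r"\s+([CS]>[CS])\s*(.*?)\s*$")
UNKNOWN = re.compile(r"^Unknown SSL content type (\d+)\s*$")
# Assumption: these record types count as symptoms. An Alert at a normal
# shutdown (close_notify) is flagged too, so read the result in context.
SYMPTOMS = ("Alert", "Short record", "TCP RST")


def first_symptom(trace):
    """Return the first error symptom and the last clean record before it, or None."""
    last_clean = None
    for line in trace.splitlines():
        unknown = UNKNOWN.match(line)
        if unknown:
            return {"symptom": "unknown content type",
                    "value": int(unknown.group(1)), "after": last_clean}
        rec = RECORD.match(line)
        if not rec:
            continue  # indented detail lines, hex dumps, connection banners
        conn, seq, _ts, _delta, direction, kind = rec.groups()
        if kind.startswith(SYMPTOMS):
            return {"symptom": kind, "direction": direction, "after": last_clean}
        last_clean = (int(conn), int(seq) if seq else None, direction, kind)
    return None


if __name__ == "__main__":
    for name, trace in (("1.7.0", TRACE_170), ("1.6.4-2", TRACE_164)):
        print(name, first_symptom(trace))
```
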

 





