[OpenSIPS-Users] TLS handshake failure: SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:

Babil (Golam Sarwar) gsbabil at gmail.com
Wed Jun 24 03:58:09 CEST 2015 

SSL version 2.0 has some serious flaws including undetectable downgrade
attacks [0], rendering the SSL protection worthless, and strictly not
recommended for production environments. Are you sure you want this for
your users?

[0]
http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0


On 23/06/2015 6:45 PM, Nabeel wrote:
> How can I enable SSL version 2 on OpenSIPS?
>
> On 23 Jun 2015 21:59, "Nabeel" <nabeelshikder at gmail.com
> <mailto:nabeelshikder at gmail.com>> wrote:
>
>     This is the full log.... is it using SSL version 2 which is disabled
>     in OpenSIPs?
>     In particular, this part:
>
>      "SIP/2.0 500 Server error occurred (7/TM)
>         Via: SIP/2.0/TLS"
>
>     06-23 21:45:39.790  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Initializing SSLContext for first use
>     06-23 21:45:39.841  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Adding the customKeyStore to trust
>     manager for SSLContext
>     06-23 21:45:39.944  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Connecting socket to 87.xx.xxx.42, port 5061
>     06-23 21:45:39.945  14512-21632/com.domain I/System.out﹕
>     [socket][145] connection /87.xx.xxx.42:5061;LocalPort=41942(10000)
>     06-23 21:45:39.946  14512-21632/com.domain I/System.out﹕
>     [CDS]connect[/87.xx.xxx.42:5061] tm:10
>     06-23 21:45:40.088  14512-21632/com.domain I/System.out﹕
>     [socket][/192.168.0.11:41942 <http://192.168.0.11:41942>] connected
>     06-23 21:45:40.092  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Local address is: /192.168.0.11:41942
>     <http://192.168.0.11:41942>
>     06-23 21:45:40.094  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Starting SSL handshake
>     06-23 21:45:40.155  14512-21632/com.domain E/NativeCrypto﹕
>     ssl=0x55751d88 cert_verify_callback x509_store_ctx=0x56f378b8 arg=0x0
>     06-23 21:45:40.155  14512-21632/com.domain E/NativeCrypto﹕
>     ssl=0x55751d88 cert_verify_callback calling verifyCertificateChain
>     authMethod=RSA
>     06-23 21:45:40.199  14512-14512/com.domain I/SipUA:﹕
>     android.net.wifi.SCAN_RESULTS
>     06-23 21:45:40.316  14512-21632/com.domain I/AppendingTrustManager﹕
>     Trusting a server certificate based on local trust store
>     06-23 21:45:40.357  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Getting SSL session
>     06-23 21:45:40.357  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Checking SSL session validity
>     06-23 21:45:40.358  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ Secure connection established
>     06-23 21:45:40.361  14512-21632/com.domain
>     I/org.zoolu.net.TcpSocket﹕ TcpSocket now ready
>     06-23 21:45:40.374  14512-21632/com.domain I/AndroidTimer﹕ created
>     an AndroidTimer for 840000 MILLISECONDS, id =
>     siptimer:f7b935cc-dd7c-477a-b1cd-1818beec08c2
>     06-23 21:45:40.375  14512-21632/com.domain I/IntegratedSipProvider﹕
>     connection tcp: opened
>     06-23 21:45:40.376  14512-21632/com.domain I/IntegratedSipProvider﹕
>     active connenctions:
>     06-23 21:45:40.377  14512-21632/com.domain I/IntegratedSipProvider﹕
>     conn-id=tls:87.xx.xxx.42:5061: tcp:
>     06-23 21:45:40.378  14512-21632/com.domain I/IntegratedSipProvider﹕
>     sending data through conn tcp:
>     06-23 21:45:40.412  14512-21631/com.domain I/System.out﹕
>     [CDS]close[34412]
>     06-23 21:45:40.413  14512-21631/com.domain I/System.out﹕ close
>     [socket][/0.0.0.0:34412 <http://0.0.0.0:34412>]
>     06-23 21:45:40.570  14512-21641/com.domain I/AndroidTimer﹕ created
>     an AndroidTimer for 840000 MILLISECONDS, id =
>     siptimer:e730036d-5a22-4666-9de6-e1a1ec6fb517
>     06-23 21:45:40.573  14512-21641/com.domain I/IntegratedSipProvider﹕
>     message:
>         SIP/2.0 500 Server error occurred (7/TM)
>         Via: SIP/2.0/TLS
>     192.168.0.11:49068;received=192.168.0.11;rport=41942;branch=z9hG4bK71382
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

--
Regards,
Babil (Golam Sarwar)

PGP Key Fingerprint : D3A1 EED0 5BA0 72D3 A011 75CB 8EA6 7D99 F433 E92D
PGP Key Download URL: http://bit.ly/gsbabil-pgp-key

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opensips.org/pipermail/users/attachments/20150623/fb5f446b/attachment.pgp>

More information about the Users mailing list