[OpenSIPS-Users] TLS handshake failure: SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:

Nabeel nabeelshikder at gmail.com
Wed Jun 24 04:37:26 CEST 2015 

Well, I'm trying to connect my server to that specific SIP client, and
wondering if the cause of the error is SSL version 2 being disabled.  Once
I've found the cause of the error I can try to make my own application more
secure.
On 24 Jun 2015 02:58, "Babil (Golam Sarwar)" <gsbabil at gmail.com> wrote:

> SSL version 2.0 has some serious flaws including undetectable downgrade
> attacks [0], rendering the SSL protection worthless, and strictly not
> recommended for production environments. Are you sure you want this for
> your users?
>
> [0]
>
> http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0
>
>
> On 23/06/2015 6:45 PM, Nabeel wrote:
> > How can I enable SSL version 2 on OpenSIPS?
> >
> > On 23 Jun 2015 21:59, "Nabeel" <nabeelshikder at gmail.com
> > <mailto:nabeelshikder at gmail.com>> wrote:
> >
> >     This is the full log.... is it using SSL version 2 which is disabled
> >     in OpenSIPs?
> >     In particular, this part:
> >
> >      "SIP/2.0 500 Server error occurred (7/TM)
> >         Via: SIP/2.0/TLS"
> >
> >     06-23 21:45:39.790  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Initializing SSLContext for first use
> >     06-23 21:45:39.841  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Adding the customKeyStore to trust
> >     manager for SSLContext
> >     06-23 21:45:39.944  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Connecting socket to 87.xx.xxx.42, port
> 5061
> >     06-23 21:45:39.945  14512-21632/com.domain I/System.out﹕
> >     [socket][145] connection /87.xx.xxx.42:5061;LocalPort=41942(10000)
> >     06-23 21:45:39.946  14512-21632/com.domain I/System.out﹕
> >     [CDS]connect[/87.xx.xxx.42:5061] tm:10
> >     06-23 21:45:40.088  14512-21632/com.domain I/System.out﹕
> >     [socket][/192.168.0.11:41942 <http://192.168.0.11:41942>] connected
> >     06-23 21:45:40.092  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Local address is: /192.168.0.11:41942
> >     <http://192.168.0.11:41942>
> >     06-23 21:45:40.094  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Starting SSL handshake
> >     06-23 21:45:40.155  14512-21632/com.domain E/NativeCrypto﹕
> >     ssl=0x55751d88 cert_verify_callback x509_store_ctx=0x56f378b8 arg=0x0
> >     06-23 21:45:40.155  14512-21632/com.domain E/NativeCrypto﹕
> >     ssl=0x55751d88 cert_verify_callback calling verifyCertificateChain
> >     authMethod=RSA
> >     06-23 21:45:40.199  14512-14512/com.domain I/SipUA:﹕
> >     android.net.wifi.SCAN_RESULTS
> >     06-23 21:45:40.316  14512-21632/com.domain I/AppendingTrustManager﹕
> >     Trusting a server certificate based on local trust store
> >     06-23 21:45:40.357  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Getting SSL session
> >     06-23 21:45:40.357  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Checking SSL session validity
> >     06-23 21:45:40.358  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ Secure connection established
> >     06-23 21:45:40.361  14512-21632/com.domain
> >     I/org.zoolu.net.TcpSocket﹕ TcpSocket now ready
> >     06-23 21:45:40.374  14512-21632/com.domain I/AndroidTimer﹕ created
> >     an AndroidTimer for 840000 MILLISECONDS, id =
> >     siptimer:f7b935cc-dd7c-477a-b1cd-1818beec08c2
> >     06-23 21:45:40.375  14512-21632/com.domain I/IntegratedSipProvider﹕
> >     connection tcp: opened
> >     06-23 21:45:40.376  14512-21632/com.domain I/IntegratedSipProvider﹕
> >     active connenctions:
> >     06-23 21:45:40.377  14512-21632/com.domain I/IntegratedSipProvider﹕
> >     conn-id=tls:87.xx.xxx.42:5061: tcp:
> >     06-23 21:45:40.378  14512-21632/com.domain I/IntegratedSipProvider﹕
> >     sending data through conn tcp:
> >     06-23 21:45:40.412  14512-21631/com.domain I/System.out﹕
> >     [CDS]close[34412]
> >     06-23 21:45:40.413  14512-21631/com.domain I/System.out﹕ close
> >     [socket][/0.0.0.0:34412 <http://0.0.0.0:34412>]
> >     06-23 21:45:40.570  14512-21641/com.domain I/AndroidTimer﹕ created
> >     an AndroidTimer for 840000 MILLISECONDS, id =
> >     siptimer:e730036d-5a22-4666-9de6-e1a1ec6fb517
> >     06-23 21:45:40.573  14512-21641/com.domain I/IntegratedSipProvider﹕
> >     message:
> >         SIP/2.0 500 Server error occurred (7/TM)
> >         Via: SIP/2.0/TLS
> >     192.168.0.11:49068
> ;received=192.168.0.11;rport=41942;branch=z9hG4bK71382
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
> --
> Regards,
> Babil (Golam Sarwar)
>
> PGP Key Fingerprint : D3A1 EED0 5BA0 72D3 A011 75CB 8EA6 7D99 F433 E92D
> PGP Key Download URL: http://bit.ly/gsbabil-pgp-key
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20150624/6487b140/attachment-0001.htm>

More information about the Users mailing list