[OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Sep 4 17:56:14 CEST 2015


Hi Matt,

You mean the force_send_socket() you do for the initial INVITE? Or?

Regards,

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com

On 03.09.2015 17:19, Matt Hamilton wrote:
>
>
> Hi Bogdan,
>
> This issue seems to be related to force_send_socket which behaves 
> differently in 1.11 vs 1.7.  To make it work, I had to explicitly 
> specify the port and the proto (for force_send_socket) based on 
> "transport=tls" statement and the direction of the traffic.
>
> Matt
>
>
> ------------------------------------------------------------------------
> *From:* Bogdan-Andrei Iancu <bogdan at opensips.org>
> *Sent:* Monday, August 31, 2015 4:19 PM
> *To:* OpenSIPS users mailling list; Matt Hamilton
> *Subject:* Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5
> Hi Matt,
>
> Indeed, the SIP messages do look ok.
>
> Could you post the OpenSIPS logs (in debug 4) for processing the 
> NOTIFY request ?
>
> Regards,
> Bogdan-Andrei Iancu
> OpenSIPS Founder and Developer
> http://www.opensips-solutions.com
> On 31.08.2015 20:07, Matt Hamilton wrote:
>>
>> Hi Bogdan,
>>
>>
>> Pastebin link is http://pastebin.com/tM7zqTKX
>>
>>
>> I included both 1.7.1 and 1.11 captures. I don't see a difference 
>> between them other than 1.11 sending the NOTIFY to UAC unencrypted.
>>
>> Btw, INVITEs seem to be behaving the same way as NOTIFY (don't have 
>> a capture for those - I assume the issue is the same).
>>
>>
>> Btw, TLS works fine between Opensips 1.11 and the phone (OK messages, 
>> etc. are encrypted).
>>
>>
>> Thanks,
>>
>> Matt
>>
>>
>> ------------------------------------------------------------------------
>> *From:* Bogdan-Andrei Iancu <bogdan at opensips.org>
>> *Sent:* Monday, August 31, 2015 5:21 AM
>> *To:* OpenSIPS users mailling list; mistral9999 at hotmail.com
>> *Subject:* Re: [OpenSIPS-Users] TLS discrepancy between 1.7.1 and 1.11.5
>> Hi Matt,
>>
>> Can you post on pastebin (or similar) the SIP capture showing the 
>> incoming NOTIFY (via UDP) from Asterisk and the outgoing NOTIFY 
>> (supposedly via TLS) to UAC ?
>> Also the SUBSCRIBE request going from OpenSIPS to Asterisk will help 
>> a lot.
>>
>> Regards,
>> Bogdan-Andrei Iancu
>> OpenSIPS Founder and Developer
>> http://www.opensips-solutions.com
>> On 30.08.2015 18:22, Matt Hamilton wrote:
>>>
>>>
>>>
>>> We use Opensips (with TLS) as a dispatcher to multiple Asterisk 
>>> servers.  Currently we are in the process of upgrading from 1.7.1 to 
>>> 1.11.5, and we ran into a discrepancy between 1.7.1 and 1.11.5 
>>> regarding SIP NOTIFY messages.
>>>
>>>
>>> Here is the flow (both ways):
>>>
>>> UAC    (TLS) ->     Opensips   (UDP)->   Asterisk
>>> Asterisk  (UDP) ->     Opensips     (TLS)->    UAC
>>>
>>>
>>> In 1.7.1,  all messages between Opensips and UAC were encrypted - 
>>> didn't matter if it was originated at UAC or Asterisk.
>>>
>>> In 1.11.5, the SIP NOTIFY messages coming from Asterisk are sent to 
>>> UAC unencrypted (and not accepted by UAC). Here is the request that 
>>> Opensips receives and sends to the UAC in plaintext:
>>>
>>> Request-Line: NOTIFY sip:101@1.2.3.4:5075;transport=tls;nat=yes SIP/2.0
>>>
>>> Anything we can do to have that leg encrypted as well?
>>>
>>> Thanks,
>>> Matt
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

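Added example (not part of the original thread, and not OpenSIPS code): a Python check for the symptom described above, a request whose Request-URI carries transport=tls leaving on a plaintext hop. It assumes each outgoing request is available as text (for example exported from a capture) and compares the Request-URI with the topmost Via, which names the transport used for that hop; the function name and the sample messages are constructed here.

```python
import re

# Hop transports that are encrypted, as written in Via or in ;transport=
SECURE = {"TLS", "WSS"}

REQUEST_LINE = re.compile(r"^([A-Z]+)\s+(\S+)\s+SIP/2\.0$")
VIA_LINE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/([A-Za-z]+)", re.IGNORECASE)
TRANSPORT_PARAM = re.compile(r";transport=([A-Za-z]+)", re.IGNORECASE)


def plaintext_downgrade(raw):
    """Return (method, wanted, sent) when a request whose Request-URI asks
    for an encrypted transport was sent over a plaintext hop, else None."""
    lines = raw.replace("\r\n", "\n").split("\n")
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        return None  # a response, or not SIP: nothing to compare
    method, ruri = m.groups()
    p = TRANSPORT_PARAM.search(ruri)
    if ruri.lower().startswith("sips:"):
        wanted = "TLS"
    else:
        wanted = p.group(1).upper() if p else None
    if wanted not in SECURE:
        return None  # the Request-URI does not ask for encryption
    for line in lines[1:]:
        if not line:
            break  # blank line ends the headers
        v = VIA_LINE.match(line)
        if v:  # topmost Via = transport of the hop that sent this copy
            sent = v.group(1).upper()
            return None if sent in SECURE else (method, wanted, sent)
    return None


# Constructed sample messages; only the Request-Line comes from the thread.
BAD = ("NOTIFY sip:101@1.2.3.4:5075;transport=tls;nat=yes SIP/2.0\r\n"
       "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKexample1\r\n"
       "Via: SIP/2.0/UDP 192.0.2.20:5060;branch=z9hG4bKexample2\r\n\r\n")
GOOD = BAD.replace("SIP/2.0/UDP 192.0.2.10:5060", "SIP/2.0/TLS 192.0.2.10:5061")

if __name__ == "__main__":
    for name, msg in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, plaintext_downgrade(msg))
```

Run over the proxy-to-UAC leg before and after an upgrade, a non-empty result for NOTIFY or INVITE is the regression reported in this thread.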