[OpenSIPS-Users] TLS SNI Checks

Callum Guy callum.guy at x-on.co.uk
Thu May 7 14:29:18 EST 2020


Hi All,

Some of our clients are brave enough to access our OpenSIPs WebRTC
gateway using Microsoft Edge.

We've had some teething issues which have been diagnosed as a failed
SNI check due to the character casing, our certificate presents common
and alt names in lowercase (i.e. rtc.opensips.org) however Edge was
checking using a mix of uppercase and lowercase (i.e.
RTC.opensips.org). The server responds with a fatal alert message
"Description: Unrecognized Name (112)" indicating the mismatch.

The fix in our case is just to amend the client configuration however
most other browsers have been demonstrated to fix this by default. I'm
wondering if this is worth patching server side such that the
certificate names and client provided SNI's are held only in lowercase
or a case insensitive match is performed?

Thanks,

Callum

-- 


 <https://www.x-on.co.uk/service/surgery-connect/coronavirus.htm>


*0333 
332 0000  |  x-on.co.uk <https://www.x-on.co.uk>  |   ** 
<https://www.linkedin.com/company/x-on>   <https://www.facebook.com/XonTel> 
  <https://twitter.com/xonuk> **  |  Coronavirus 
<https://www.x-on.co.uk/service/surgery-connect/coronavirus.htm>*


THE 
ITSPA AWARDS 2020 <http://www.itspa.org.uk/itspa-awards> AND Best ITSP - 
Mid Market, Best Software and Best Vertical Solution are trade marks of the 
Internet Telephony Services Providers' Association, used under licence.


X-on
is a trading name of Storacall Technology Ltd a limited company 
registered in
England and Wales.

Registered Office : Avaland House, 110 
London Road, Apsley, Hemel Hempstead,
Herts, HP3 9SD. Company Registration 
No. 2578478.

The information in this e-mail is confidential and for use by 
the addressee(s)
only. If you are not the intended recipient, please notify 
X-on immediately on +44(0)333 332 0000 and delete the
message from your 
computer. If you are not a named addressee you must not use,
disclose, 
disseminate, distribute, copy, print or reply to this email. Views
or 
opinions expressed by an individual
within this email may not necessarily

reflect the views of X-on or its associated companies. Although X-on 
routinely
screens for viruses, addressees should scan this email and any 
attachments
for
viruses. X-on makes no representation or warranty as to the 
absence of viruses
in this email or any attachments.













More information about the Users mailing list