[OpenSIPS-Users] phone not getting regsitered using TLS
Karsten Wemheuer
kwe at temp.temp
Fri Jul 15 13:40:45 UTC 2022
Hi,
the snom M9 is pretty old (End of Life 12/2016). Maybe the used ciphers
are not secure enough for current TLS.
HTH
Have a nice day and weekend
Karsten
Am Samstag, dem 16.07.2022 um 01:20 +1200 schrieb ideanet help:
> Hi experts,
>
> One of my phones (SNOM M9) is not able to register using TLS.
>
> Here are the logs from opensips and ssldump. Maybe someone can
> pinpoint the issue?
>
>
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604]
> DBG:core:handle_new_connect: new connection: 0x7f16d2ba3bd8 80 flags:
> 001c
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604]
> DBG:core:send2worker: to tcp worker 0 (0), 0x7f16d2ba3bd8 rw 1
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:proto_tls:proto_tls_conn_init: looking up TLS server domain
> [xx.xx.xx.xx:5061]
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:tls_mgm:tls_find_server_domain: found TLS server domain:
> sip.tls.mysipdomain.com
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl
> connection
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:tls_openssl:openssl_tls_conn_init: Setting in ACCEPT mode
> (server)
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:core:handle_io:
> We have received conn 0x7f16d2ba3bd8 with rw 1 on fd 4
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:core:io_watch_add: [TCP_worker] io_watch_add op (4 on 74)
> (0x8f91e0, 4, 19, 0x7f16d2ba3bd8,1), fd_no=4/83886
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:proto_tls:tls_read_req: Using the global ( per process ) buff
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:proto_tls:tls_read_req: SSL accept/connect still pending!
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:proto_tls:tls_read_req: Using the global ( per process ) buff
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL
> err=Success(0)
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> ERROR:tls_openssl:openssl_tls_accept: New TLS connection from
> myphoneIP.xx.xx:2987 failed to accept
> Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598]
> ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!
>
> _________________________
>
> ssldump logs:
>
>
> New TCP connection #3: myphoneIP.xx.xx(2082) <->
> sip.tls.mysipdomain.com(5061)
> 3 1 0.0280 (0.0280) C>S Handshake
> ClientHello
> Version 3.1
> cipher suites
> TLS_RSA_WITH_RC4_128_MD5
> TLS_RSA_WITH_RC4_128_SHA
> compression methods
> NULL
> extensions
> server_name
> host_name: sip.tls.mysipdomain.com
> ja3 string: 769,4-5,0,,
> ja3 fingerprint: 8305e724a7c9f16b323465d289bc54a1
> 3 2 0.0353 (0.0072) S>C Handshake
> ServerHello
> Version 3.1
> session_id[0]=
>
> cipherSuite TLS_RSA_WITH_RC4_128_SHA
> compressionMethod NULL
> extensions
> server_name
> ja3s string: 769,5,0
> ja3s fingerprint: 99f916287a3ac1de732520956ab94b77
> 3 3 0.0353 (0.0000) S>C Handshake
> Certificate
> 3 4 0.0353 (0.0000) S>C Handshake
> ServerHelloDone
> 3 0.0653 (0.0299) C>S TCP FIN
> 3 0.0656 (0.0003) S>C TCP FIN
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list