See: http://www.opensips.org/html/docs/tutorials/tls-1.4.x.html#AEN211
By default opensips expect V2 or V3, but you can force V1 if you want. Regards, Bogdan Anil Pannikode wrote: > Sorry typo error. > > I have changed the protocol on both end to 'TLSv1' > > Anil > > > > > From: [email protected] > > To: [email protected] > > Date: Fri, 24 Apr 2009 09:31:59 -0400 > > CC: [email protected] > > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with > OpenSips 1.5 > > > > Hi Bogdan, > > > > I have changed the protocol on both end to ''. Now I am getting a 'Wrong > > version number' > > > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3efcf50), > fd_no=1 > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > DBG:core:tls_update_fd: New fd is 19 > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > ERROR:core:tls_accept: some error in SSL: > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > ERROR:core:tls_print_errstack: error:1408F10B:SSL > > routines:SSL3_GET_RECORD:wrong version number > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) > fd_no=2 called > > > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > DBG:core:release_tcpconn: releasing con 0xb3efcf50, state -2, fd=19, > id=3 > > Apr 24 06:42:00 pc10-10-10-193 /usr/sbin/opensips[17009]: > > DBG:core:release_tcpconn: extra_data 0xb3f0d068 > > > > Remote end is a Dialogic VoipGateway, I was wondering if there is > another > > simple client I can use for testing TLS ? Once I get that working, I > can dig > > more into my current setup. > > > > Regards > > > > Anil > > > > > > > > -----Original Message----- > > From: Bogdan-Andrei Iancu [mailto:[email protected]] > > Sent: Friday, April 24, 2009 8:10 AM > > To: Anil Pannikode > > Cc: [email protected] > > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with > OpenSips 1.5 > > > > Hi Anil, > > > > Are you sure the connecting party is also using TLS ? maybe it is using > > pure TCP instead of TLC - use tcpdump to see what is going one. > > > > Regards, > > Bogdan > > > > Anil Pannikode wrote: > > > THanks for the tip. I did not cut and paste the private key properly. > > > It is now loading how ever the connection is failing with the > > > following error > > > > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_find_server_domain: virtual TLS server domain not found, > > > Using default TLS server domain settings > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_tcpconn_init: found socket based TLS server domain > > > [0.0.0.0:0] > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_tcpconn_init: Setting in ACCEPT mode (server) > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tcpconn_add: hashes: 594, 1 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:handle_new_connect: new connection: 0xb3ebdf50 24 flags: 0002 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:send2child: to tcp child 0 0(16980), 0xb3ebdf50 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > DBG:core:handle_io: received n=4 con=0xb3ebdf50, fd=19 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > DBG:core:io_watch_add: io_watch_add(0x826ab20, 19, 2, 0xb3ebdf50), > > > fd_no=1 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > DBG:core:tls_update_fd: New fd is 19 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > ERROR:core:tls_accept: some error in SSL: > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > ERROR:core:tls_print_errstack: error:140760FC:SSL > > > routines:SSL23_GET_CLIENT_HELLO:unknown protocol > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > DBG:core:io_watch_del: io_watch_del (0x826ab20, 19, -1, 0x10) fd_no=2 > > > called > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > DBG:core:release_tcpconn: releasing con 0xb3ebdf50, state -2, > fd=19, id=1 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16980]: > > > DBG:core:release_tcpconn: extra_data 0xb3ece068 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:handle_tcp_child: reader response= b3ebdf50, -2 from 0 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tcpconn_destroy: destroying connection 0xb3ebdf50, flags 0002 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_close: closing SSL connection > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_update_fd: New fd is 24 > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_shutdown: shutdown successful > > > Apr 23 14:13:27 pc10-10-10-193 /usr/sbin/opensips[16984]: > > > DBG:core:tls_tcpconn_clean: entered > > > > > > > > > Regards > > > > > > Anil > > > > > > > > > > > > > Date: Thu, 23 Apr 2009 23:24:44 +0300 > > > > From: [email protected] > > > > To: [email protected] > > > > CC: [email protected] > > > > Subject: Re: [OpenSIPS-Users] Trying to get TLS working with > > > OpenSips 1.5 > > > > > > > > Hi Anil, > > > > > > > > Typical error cases: > > > > - the private key file does not exist or you do not have permission > > > > to read that file > > > > - the private key file is not in PEM (base64 encoded) format. > > > > - if the private key file is encrypted, the password is not correct > > > > or no password was provided > > > > - if you loaded a certificate file before issuing this function, the > > > > public key in that certificate does not match the corresponding > private > > > > key in the private key file. > > > > > > > > Regards, > > > > Bogdan > > > > > > > > Anil M Pannikode (hotmail) wrote: > > > > > > > > > > I am getting the following error in the log files > > > > > > > > > > > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > DBG:core:load_certificate: > > > > > entered > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > DBG:core:load_certificate: > > > > > '//etc/opensips/tls/user/certonly.pem' successfuly loaded > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: Entered > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:core:load_ca: CA > > > > > '//etc/opensips/tls/user/user-calist.pem' successfuly loaded > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > DBG:core:load_private_key: > > > > > entered > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > ERROR:core:load_private_key: > > > > > unable to load private key file > > > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (2 left) (check > > > > > password case) > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > ERROR:core:load_private_key: > > > > > unable to load private key file > > > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (1 left) (check > > > > > password case) > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > ERROR:core:load_private_key: > > > > > unable to load private key file > > > > > '//etc/opensips/tls/user/privatekey.pem'. Retry (0 left) (check > > > > > password case) > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: > ERROR:core:load_private_key: > > > > > unable to load private key file > > > '//etc/opensips/tls/user/privatekey.pem' > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: CRITICAL:core:main: > could > > > not > > > > > initialize tls, exiting... > > > > > > > > > > Apr 23 12:43:55 pc10-10-10-193 opensips: DBG:dispatcher:destroy: > > > > > destroying module ... > > > > > > > > > > > > > > > > > > > > Anybody know what the issues or where to set the password ? > > > > > > > > > > > > > > > > > > > > Anil > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > > > _______________________________________________ > > > > > Users mailing list > > > > > [email protected] > > > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > Create a cool, new character for your Windows LiveT Messenger. Check > > > it out <http://go.microsoft.com/?linkid=9656621> > > > > > > > > _______________________________________________ > > Users mailing list > > [email protected] > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ------------------------------------------------------------------------ > Windows Live Messenger makes it easier to stay in touch - learn how! > <http://go.microsoft.com/?linkid=9650731> _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
