I have the exact same issue. Did you figure this one out?
Ian Buckner wrote: > > I just wanted to pick up on question 1 as I have the same problem and may > have got slightly further in tracing this: > > Using ssldump I see the following during the initial REGISTER operation: > > On OpenSips 1.7.0 > --------------------------- > New TCP connection #8: 81.5.147.34(61584) <-> myserver(5672) > 8 1 0.0996 (0.0996) C>S Handshake > ClientHello > Version 3.1 > cipher suites > Unknown value 0x39 > Unknown value 0x38 > Unknown value 0x35 > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA > TLS_RSA_WITH_3DES_EDE_CBC_SHA > Unknown value 0x33 > Unknown value 0x32 > Unknown value 0x2f > TLS_RSA_WITH_RC4_128_SHA > TLS_RSA_WITH_RC4_128_MD5 > TLS_DHE_RSA_WITH_DES_CBC_SHA > TLS_DHE_DSS_WITH_DES_CBC_SHA > TLS_RSA_WITH_DES_CBC_SHA > TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA > TLS_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 > TLS_RSA_EXPORT_WITH_RC4_40_MD5 > compression methods > NULL > 8 2 0.1001 (0.0005) S>C Handshake > ServerHello > Version 3.1 > session_id[32]= > 0a 84 43 7a 4b 15 d9 11 f9 ca 51 f2 33 30 c3 07 > 12 dd 35 a1 33 e1 43 fc 14 84 f6 0d 98 67 93 97 > cipherSuite Unknown value 0x35 > compressionMethod NULL > 8 3 0.1001 (0.0000) S>C Handshake > Certificate > 8 4 0.1001 (0.0000) S>C Handshake > ServerHelloDone > 8 5 0.1546 (0.0545) C>S Handshake > ClientKeyExchange > 8 6 0.1546 (0.0000) C>S ChangeCipherSpec > 8 7 0.1546 (0.0000) C>S Handshake > 8 8 0.1557 (0.0010) S>C ChangeCipherSpec > 8 9 0.1557 (0.0000) S>C Handshake > 8 10 0.2133 (0.0575) C>S application_data > 8 11 0.2133 (0.0000) C>S application_data > 8 12 0.2140 (0.0007) S>C application_data > Unknown SSL content type 83 > 8 13 0.2686 (0.0545) C>S Alert > 8 14 0.2686 (0.0000) S>CShort record > 8 15 0.2686 (0.0000) S>C Alert > 8 16 0.2688 (0.0002) S>C Alert > 8 0.2689 (0.0000) S>C TCP RST > > i.e. an error on the first piece of application data sent from OpenSips > back to the client. In my case, the Blink 1.2.0 client shows as registered > (confirmed by opensipsctl ul show) but the TLS socket has been torn down. > > Rolling back to 1.6.4-2, using the same certificates and TLS > configuration: > > On OpenSips 1.6.4-2 > ---------------------------- > New TCP connection #7: 81.5.147.34(61303) <-> myserver(5672) > 7 1 0.0806 (0.0806) C>S Handshake > ClientHello > Version 3.1 > cipher suites > Unknown value 0x39 > Unknown value 0x38 > Unknown value 0x35 > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA > TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA > TLS_RSA_WITH_3DES_EDE_CBC_SHA > Unknown value 0x33 > Unknown value 0x32 > Unknown value 0x2f > TLS_RSA_WITH_RC4_128_SHA > TLS_RSA_WITH_RC4_128_MD5 > TLS_DHE_RSA_WITH_DES_CBC_SHA > TLS_DHE_DSS_WITH_DES_CBC_SHA > TLS_RSA_WITH_DES_CBC_SHA > TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA > TLS_RSA_EXPORT_WITH_DES40_CBC_SHA > TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 > TLS_RSA_EXPORT_WITH_RC4_40_MD5 > compression methods > NULL > 7 2 0.0811 (0.0005) S>C Handshake > ServerHello > Version 3.1 > session_id[32]= > 1b 63 c6 56 b0 aa 18 a0 57 3b 26 84 8a d8 5a d1 > ae 71 b2 9f 87 ff 02 31 d3 33 4d 7f 51 71 73 2e > cipherSuite Unknown value 0x35 > compressionMethod NULL > 7 3 0.0811 (0.0000) S>C Handshake > Certificate > 7 4 0.0811 (0.0000) S>C Handshake > ServerHelloDone > 7 5 0.1364 (0.0552) C>S Handshake > ClientKeyExchange > 7 6 0.1364 (0.0000) C>S ChangeCipherSpec > 7 7 0.1364 (0.0000) C>S Handshake > 7 8 0.1375 (0.0010) S>C ChangeCipherSpec > 7 9 0.1375 (0.0000) S>C Handshake > 7 10 0.1934 (0.0559) C>S application_data > 7 11 0.1934 (0.0000) C>S application_data > 7 12 0.1942 (0.0007) S>C application_data > 7 13 0.2565 (0.0623) C>S application_data > 7 14 0.2565 (0.0000) C>S application_data > 7 15 0.2587 (0.0022) S>C application_data > > Register succeeds, no error in the TLS channel, socket connection remains > open for subsequent interactions. > > @Yufei - perhaps you are able to confirm the same behaviour using ssldump > too. > > > best regards, > > Ian > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/Re-opensips-1-7-tls-problems-tp6749293p6885031.html Sent from the OpenSIPS - Users mailing list archive at Nabble.com. _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
