SSL version 2.0 has some serious flaws including undetectable downgrade attacks [0], rendering the SSL protection worthless, and strictly not recommended for production environments. Are you sure you want this for your users?
[0] http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0 On 23/06/2015 6:45 PM, Nabeel wrote: > How can I enable SSL version 2 on OpenSIPS? > > On 23 Jun 2015 21:59, "Nabeel" <[email protected] > <mailto:[email protected]>> wrote: > > This is the full log.... is it using SSL version 2 which is disabled > in OpenSIPs? > In particular, this part: > > "SIP/2.0 500 Server error occurred (7/TM) > Via: SIP/2.0/TLS" > > 06-23 21:45:39.790 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Initializing SSLContext for first use > 06-23 21:45:39.841 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Adding the customKeyStore to trust > manager for SSLContext > 06-23 21:45:39.944 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Connecting socket to 87.xx.xxx.42, port 5061 > 06-23 21:45:39.945 14512-21632/com.domain I/System.out﹕ > [socket][145] connection /87.xx.xxx.42:5061;LocalPort=41942(10000) > 06-23 21:45:39.946 14512-21632/com.domain I/System.out﹕ > [CDS]connect[/87.xx.xxx.42:5061] tm:10 > 06-23 21:45:40.088 14512-21632/com.domain I/System.out﹕ > [socket][/192.168.0.11:41942 <http://192.168.0.11:41942>] connected > 06-23 21:45:40.092 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Local address is: /192.168.0.11:41942 > <http://192.168.0.11:41942> > 06-23 21:45:40.094 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Starting SSL handshake > 06-23 21:45:40.155 14512-21632/com.domain E/NativeCrypto﹕ > ssl=0x55751d88 cert_verify_callback x509_store_ctx=0x56f378b8 arg=0x0 > 06-23 21:45:40.155 14512-21632/com.domain E/NativeCrypto﹕ > ssl=0x55751d88 cert_verify_callback calling verifyCertificateChain > authMethod=RSA > 06-23 21:45:40.199 14512-14512/com.domain I/SipUA:﹕ > android.net.wifi.SCAN_RESULTS > 06-23 21:45:40.316 14512-21632/com.domain I/AppendingTrustManager﹕ > Trusting a server certificate based on local trust store > 06-23 21:45:40.357 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Getting SSL session > 06-23 21:45:40.357 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Checking SSL session validity > 06-23 21:45:40.358 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ Secure connection established > 06-23 21:45:40.361 14512-21632/com.domain > I/org.zoolu.net.TcpSocket﹕ TcpSocket now ready > 06-23 21:45:40.374 14512-21632/com.domain I/AndroidTimer﹕ created > an AndroidTimer for 840000 MILLISECONDS, id = > siptimer:f7b935cc-dd7c-477a-b1cd-1818beec08c2 > 06-23 21:45:40.375 14512-21632/com.domain I/IntegratedSipProvider﹕ > connection tcp: opened > 06-23 21:45:40.376 14512-21632/com.domain I/IntegratedSipProvider﹕ > active connenctions: > 06-23 21:45:40.377 14512-21632/com.domain I/IntegratedSipProvider﹕ > conn-id=tls:87.xx.xxx.42:5061: tcp: > 06-23 21:45:40.378 14512-21632/com.domain I/IntegratedSipProvider﹕ > sending data through conn tcp: > 06-23 21:45:40.412 14512-21631/com.domain I/System.out﹕ > [CDS]close[34412] > 06-23 21:45:40.413 14512-21631/com.domain I/System.out﹕ close > [socket][/0.0.0.0:34412 <http://0.0.0.0:34412>] > 06-23 21:45:40.570 14512-21641/com.domain I/AndroidTimer﹕ created > an AndroidTimer for 840000 MILLISECONDS, id = > siptimer:e730036d-5a22-4666-9de6-e1a1ec6fb517 > 06-23 21:45:40.573 14512-21641/com.domain I/IntegratedSipProvider﹕ > message: > SIP/2.0 500 Server error occurred (7/TM) > Via: SIP/2.0/TLS > 192.168.0.11:49068;received=192.168.0.11;rport=41942;branch=z9hG4bK71382 > > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > -- Regards, Babil (Golam Sarwar) PGP Key Fingerprint : D3A1 EED0 5BA0 72D3 A011 75CB 8EA6 7D99 F433 E92D PGP Key Download URL: http://bit.ly/gsbabil-pgp-key
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
