Hi Guys,

Sorry for the noise.

I am testing SIP over TLS and having some issues getting client devices to 
register having upgraded from opensips 1.11 to 2.2.5.

Please see my configuration below:


opensips 2.2.5


listen=tcp:<Public_IP>:5060
listen=tls:<Public_IP>:5061
loadmodule "proto_tcp.so"
loadmodule "proto_udp.so"
loadmodule "proto_tls.so"
loadmodule "tls_mgm.so"

#Global params
modparam("tls_mgm", "tls_method", "SSLv23")
modparam("tls_mgm", "certificate", "/etc/opensips/tls/rootCA/certs/ssl_certificate.pem")
modparam("tls_mgm", "private_key", "/etc/opensips/tls/rootCA/certs/sip.provider.net.pem")
modparam("tls_mgm", "ca_list", "/etc/opensips/tls/rootCA/certs/IntermediateCA.pem")
modparam("tls_mgm", "require_cert", "0")
modparam("tls_mgm", "verify_cert", "1")
#server domain
modparam("tls_mgm", "server_domain", "sv_dom=<Public_IP>:5061")
modparam("tls_mgm", "certificate", "sv_dom:/etc/opensips/tls/rootCA/certs/ssl_certificate.pem")
modparam("tls_mgm", "private_key", "sv_dom:/etc/opensips/tls/rootCA/certs/sip.provider.net.pem")
modparam("tls_mgm", "ca_list", "sv_dom:/etc/opensips/tls/rootCA/certs/IntermediateCA.pem")
modparam("tls_mgm", "tls_method", "sv_dom:SSLv23")
modparam("tls_mgm", "require_cert", "sv_dom:0")
modparam("tls_mgm", "verify_cert", "sv_dom:1")



I am trying to register both a Bria client and a Yealink and I can't register my
device; the opensips logs show no errors:

Sep  8 15:14:56 localhost VU-SIP-Proxy[14664]: INFO:core:probe_max_sock_buff: using snd buffer of 244 kb
Sep  8 15:14:56 localhost VU-SIP-Proxy[14664]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 37
Sep  8 15:14:56 localhost VU-SIP-Proxy[14649]: INFO:proto_tls:tls_accept: New TLS connection from 91.151.6.28:10405 accepted
Sep  8 15:14:56 localhost VU-SIP-Proxy[14649]: INFO:proto_tls:tls_accept: Client did not present a TLS certificate
Sep  8 15:14:56 localhost VU-SIP-Proxy[14649]: INFO:proto_tls:tls_dump_cert_info: tls_accept: local TLS server certificate subject: /CN=sip.provider.net, issuer: /C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA

And in a Wireshark trace, when debugging using the private key, I see there is
Client Hello, Server Hello, Certificate, Server Hello Done, then Client Key
Exchange, Change Cipher Spec, Finished, then New Session Ticket, Change Cipher
Spec, then Finished.

At which point I see Close Notify.

Do I need to specify a Ciphers list?

I appreciate debugging TLS can be complex but having had it working ok in the 
testing phase on 1.11 I presume I am just misconfiguring for 2.2?

Many Thanks!

Jon

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
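
An added example, not part of the original post and not OpenSIPS code: a small Python audit that groups the tls_mgm modparam lines from the configuration above by TLS domain and lists the settings worth reviewing when a handshake completes and the connection is then closed. The sample config is constructed from the post; the function names are hypothetical, and the meaning attached to "SSLv23" is an assumption noted in the code.

```python
import re

# Constructed sample: tls_mgm lines taken from the post, with one value left
# wrapped onto the next line the way the mail client wrapped it.
SAMPLE_CFG = '''
modparam("tls_mgm", "tls_method", "SSLv23")
modparam("tls_mgm", "require_cert", "0")
modparam("tls_mgm", "verify_cert", "1")
modparam("tls_mgm", "server_domain", "sv_dom=<Public_IP>:5061")
modparam("tls_mgm", "certificate",
"sv_dom:/etc/opensips/tls/rootCA/certs/ssl_certificate.pem")
modparam("tls_mgm", "tls_method", "sv_dom:SSLv23")
modparam("tls_mgm", "require_cert", "sv_dom:0")
modparam("tls_mgm", "verify_cert", "sv_dom:1")
'''

# \s* between arguments also matches a newline, so wrapped values still parse.
MODPARAM = re.compile(r'modparam\(\s*"tls_mgm"\s*,\s*"(\w+)"\s*,\s*"([^"]*)"\s*\)')
DOMAIN_KEYS = ("server_domain", "client_domain")

def tls_domains(cfg):
    """Group tls_mgm settings by domain; unprefixed values go under 'default'."""
    pairs = MODPARAM.findall(cfg)
    domains = {"default": {}}
    for key, val in pairs:                      # pass 1: declared domains
        if key in DOMAIN_KEYS:
            name, _, addr = val.partition("=")
            domains[name] = {"kind": key, "address": addr}
    for key, val in pairs:                      # pass 2: scoped or global values
        if key in DOMAIN_KEYS:
            continue
        prefix, sep, rest = val.partition(":")
        if sep and prefix in domains:
            domains[prefix][key] = rest
        else:
            domains["default"][key] = val
    return domains

def audit(domains):
    """Return (domain, note) pairs for settings worth a second look."""
    notes = []
    for name, s in domains.items():
        if s.get("verify_cert") == "1" and s.get("require_cert") == "0":
            notes.append((name, "peer certificate is verified only if one is presented"))
        # Assumption: "SSLv23" selects OpenSSL's version-flexible method.
        if s.get("tls_method") == "SSLv23":
            notes.append((name, "tls_method is not pinned to a single protocol version"))
        if "ciphers_list" not in s:
            notes.append((name, "no ciphers_list set for this domain"))
    return notes
```

Calling `audit(tls_domains(SAMPLE_CFG))` returns three notes each for `default` and `sv_dom`; the first note matches the INFO log line showing the client connecting without a certificate.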