< Previous by Date | Date Index | Next by Date > |
Thread Index | Next in Thread > |
Hi all, I hope that someone can help me with an issue that I’m encountering using TLS with the last revision of reSIProcate library. I wrote a SIP component using reSIProcate that can act as SIP registrar server or client. It worked correctly using TLS (OpenSSL library version 1.0.1g) with reSIProcate library version of 16th January 2015 (SHA-1: 0f248f90d750bff13ced3dd62e41bd4e0e8e53a4). With the last revision, client and server (both are using ExportableSuite CipherList) don’t register anymore. I report below an excerpt of stack diagnostic log. [SERVER] INFO | 20150529-112843.740 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:229 | TLS handshake starting (Server mode) INFO | 20150529-112843.740 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:240 | TLS connected WARNING | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:310 | SSL cipher or certificate failure SSL_ERROR_SSL DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:328 | protocol did not reach certificate exchange phase, peer does not have a certificate or the certificate
was not accepted ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:348 | TLS handshake failed
ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:54 | error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:55 | Error code = 336109761 file=ssl\s3_srvr.c line=1353 ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:58 | Got TLS SSL_do_handshake error=1 ret=-1 DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | Connection.cxx:422 | Closing connection bytesRead=-1 DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | ConnectionBase.cxx:115 | ConnectionBase::~ConnectionBase 056BD190 …… [CLIENT] WARNING | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:310 | SSL cipher or certificate failure SSL_ERROR_SSL DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:328 | protocol did not reach certificate exchange phase, peer does not have a certificate or the certificate
was not accepted ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:340 | Server did not present any certificiate to us, certificate invalid or protocol did not reach certificate
exchange ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:348 | TLS handshake failed
ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:54 | error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:55 | Error code = 336032784 file=ssl\s23_clnt.c line=762 ERR | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | TlsConnection.cxx:58 | Got TLS SSL_do_handshake error=1 ret=-1 DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | Connection.cxx:422 | Closing connection bytesRead=-1 DEBUG | 20150529-112843.741 | SIP | RESIP:TRANSPORT | 11924 | ConnectionBase.cxx:115 | ConnectionBase::~ConnectionBase 056BDA78 Similar error happens when I use the following configurations: ·
Client and Server with ExportableSuite CipherList and
last revision of reSIProcate library. ·
Server with ExportableSuite CipherList and
last revision of reSIProcate library and Client with
ExportableSuite CipherList and reSIProcate library version of 16th January 2015. Instead Client and Server are able to register using TLS in the following configurations: ·
Client and Server with StrongestSuite CipherList and
last revision of reSIProcate library. ·
Server with StrongestSuite CipherList and
last revision of reSIProcate library and Client with
ExportableSuite CipherList and reSIProcate library version of 16th January 2015. ·
Client and Server with ExportableSuite CipherList and
reSIProcate library version of 16th January 2015. I noticed that StrongestSuite and ExportableSuite ChiperLists have been changed in last revision and that default value for ChiperList in BaseSecurity is now
StrongestSuite instead of ExportableSuite. Could someone help me? Did someone execute similar tests using TLS with the last revision of reSIProcate library? Thank you in advance. Kind regards, Dario |