Re: [OpenSIPS-Users] phone not getting regsitered using TLS
Hi Karsten, Interesting, i am using centos 7 and /etc/pki/tls/openssl.cnf file does not have any settings forCipherString On Sat, Jul 16, 2022 at 3:20 AM Karsten Wemheuer wrote: > Hi, > > looking at some search result shows, that TLS_RSA_WITH_RC4_128_SHA is > insecure and should not be used. Maybe the setting of CipherString in > openssl.cnf is causing the issue. On current Debian it is set like > this DEFAULT@SECLEVEL=2. > > Karsten > > Am Samstag, dem 16.07.2022 um 03:02 +1200 schrieb ideanet help: > > Hi Karsten, > > I thought the same initially but then looks like logs are saying: > > Client used ciphers are: > > TLS_RSA_WITH_RC4_128_MD5 > > TLS_RSA_WITH_RC4_128_SHA > > and servers response is cipherSuite TLS_RSA_WITH_RC4_128_SHA > > > > isn't it? > > > > > > > > On Sat, Jul 16, 2022 at 1:53 AM Karsten Wemheuer wrote: > > > Hi, > > > > > > the snom M9 is pretty old (End of Life 12/2016). Maybe the used > > > ciphers > > > are not secure enough for current TLS. > > > > > > HTH > > > > > > Have a nice day and weekend > > > > > > Karsten > > > > > > Am Samstag, dem 16.07.2022 um 01:20 +1200 schrieb ideanet help: > > > > Hi experts, > > > > > > > > One of my phones (SNOM M9) is not able to register using TLS. > > > > > > > > Here are the logs from opensips and ssldump. Maybe someone can > > > > pinpoint the issue? > > > > > > > > > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > > > > DBG:core:handle_new_connect: new connection: 0x7f16d2ba3bd8 80 > > > flags: > > > > 001c > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > > > > DBG:core:send2worker: to tcp worker 0 (0), 0x7f16d2ba3bd8 rw 1 > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:proto_tls:proto_tls_conn_init: looking up TLS server domain > > > > [xx.xx.xx.xx:5061] > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:tls_mgm:tls_find_server_domain: found TLS server domain: > > > > sip.tls.mysipdomain.com > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl > > > > connection > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:tls_openssl:openssl_tls_conn_init: Setting in ACCEPT mode > > > > (server) > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:core:handle_io: > > > > We have received conn 0x7f16d2ba3bd8 with rw 1 on fd 4 > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:core:io_watch_add: [TCP_worker] io_watch_add op (4 on 74) > > > > (0x8f91e0, 4, 19, 0x7f16d2ba3bd8,1), fd_no=4/83886 > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:proto_tls:tls_read_req: SSL accept/connect still pending! > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL > > > > err=Success(0) > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > ERROR:tls_openssl:openssl_tls_accept: New TLS connection from > > > > myphoneIP.xx.xx:2987 failed to accept > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > > ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! > > > > > > > > _ > > > > > > > > ssldump logs: > > > > > > > > > > > > New TCP connection #3: myphoneIP.xx.xx(2082) <-> > > > > sip.tls.mysipdomain.com(5061) > > > > 3 1 0.0280 (0.0280) C>S Handshake > > > > ClientHello > > > > Version 3.1 > > > > cipher suites > > > > TLS_RSA_WITH_RC4_128_MD5 > > > > TLS_RSA_WITH_RC4_128_SHA > > > > compression methods > > > > NULL > > > > extensions > > > > server_name > > > > host_name: sip.tls.mysipdomain.com > > > > ja3 string: 769,4-5,0,, > > > > ja3 fingerprint: 8305e724a7c9f16b323465d289bc54a1 > > > > 3 2 0.0353 (0.0072) S>C Handshake > > > > ServerHello > > > > Version 3.1 > > > > session_id[0]= > > > > > > > > cipherSuite TLS_RSA_WITH_RC4_128_SHA > > > > compressionMethod NULL > > > > extensions > > > > server_name > > > > ja3s string: 769,5,0 > > > > ja3s fingerprint: 99f916287a3ac1de732520956ab94b77 > > > > 3 3 0.0353 (0.) S>C Handshake > > > > Certificate > > > > 3 4 0.0353 (0.) S>C Handshake > > > > ServerHelloDone > > > > 30.0653 (0.0299) C>S TCP FIN > > > > 30.0656 (0.0003)
Re: [OpenSIPS-Users] phone not getting regsitered using TLS
Hi, looking at some search result shows, that TLS_RSA_WITH_RC4_128_SHA is insecure and should not be used. Maybe the setting of CipherString in openssl.cnf is causing the issue. On current Debian it is set like this DEFAULT@SECLEVEL=2. Karsten Am Samstag, dem 16.07.2022 um 03:02 +1200 schrieb ideanet help: > Hi Karsten, > I thought the same initially but then looks like logs are saying: > Client used ciphers are: > TLS_RSA_WITH_RC4_128_MD5 > TLS_RSA_WITH_RC4_128_SHA > and servers response is cipherSuite TLS_RSA_WITH_RC4_128_SHA > > isn't it? > > > > On Sat, Jul 16, 2022 at 1:53 AM Karsten Wemheuer wrote: > > Hi, > > > > the snom M9 is pretty old (End of Life 12/2016). Maybe the used > > ciphers > > are not secure enough for current TLS. > > > > HTH > > > > Have a nice day and weekend > > > > Karsten > > > > Am Samstag, dem 16.07.2022 um 01:20 +1200 schrieb ideanet help: > > > Hi experts, > > > > > > One of my phones (SNOM M9) is not able to register using TLS. > > > > > > Here are the logs from opensips and ssldump. Maybe someone can > > > pinpoint the issue? > > > > > > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > > > DBG:core:handle_new_connect: new connection: 0x7f16d2ba3bd8 80 > > flags: > > > 001c > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > > > DBG:core:send2worker: to tcp worker 0 (0), 0x7f16d2ba3bd8 rw 1 > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:proto_tls:proto_tls_conn_init: looking up TLS server domain > > > [xx.xx.xx.xx:5061] > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:tls_mgm:tls_find_server_domain: found TLS server domain: > > > sip.tls.mysipdomain.com > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl > > > connection > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:tls_openssl:openssl_tls_conn_init: Setting in ACCEPT mode > > > (server) > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:core:handle_io: > > > We have received conn 0x7f16d2ba3bd8 with rw 1 on fd 4 > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:core:io_watch_add: [TCP_worker] io_watch_add op (4 on 74) > > > (0x8f91e0, 4, 19, 0x7f16d2ba3bd8,1), fd_no=4/83886 > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:proto_tls:tls_read_req: SSL accept/connect still pending! > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL > > > err=Success(0) > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > ERROR:tls_openssl:openssl_tls_accept: New TLS connection from > > > myphoneIP.xx.xx:2987 failed to accept > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > > ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! > > > > > > _ > > > > > > ssldump logs: > > > > > > > > > New TCP connection #3: myphoneIP.xx.xx(2082) <-> > > > sip.tls.mysipdomain.com(5061) > > > 3 1 0.0280 (0.0280) C>S Handshake > > > ClientHello > > > Version 3.1 > > > cipher suites > > > TLS_RSA_WITH_RC4_128_MD5 > > > TLS_RSA_WITH_RC4_128_SHA > > > compression methods > > > NULL > > > extensions > > > server_name > > > host_name: sip.tls.mysipdomain.com > > > ja3 string: 769,4-5,0,, > > > ja3 fingerprint: 8305e724a7c9f16b323465d289bc54a1 > > > 3 2 0.0353 (0.0072) S>C Handshake > > > ServerHello > > > Version 3.1 > > > session_id[0]= > > > > > > cipherSuite TLS_RSA_WITH_RC4_128_SHA > > > compressionMethod NULL > > > extensions > > > server_name > > > ja3s string: 769,5,0 > > > ja3s fingerprint: 99f916287a3ac1de732520956ab94b77 > > > 3 3 0.0353 (0.) S>C Handshake > > > Certificate > > > 3 4 0.0353 (0.) S>C Handshake > > > ServerHelloDone > > > 30.0653 (0.0299) C>S TCP FIN > > > 30.0656 (0.0003) S>C TCP FIN > > > ___ > > > Users mailing list > > > Users@lists.opensips.org > > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > > > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > ___ > Users mailin
Re: [OpenSIPS-Users] phone not getting regsitered using TLS
Hi Karsten, I thought the same initially but then looks like logs are saying: Client used ciphers are: TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA and servers response is cipherSuite TLS_RSA_WITH_RC4_128_SHA isn't it? On Sat, Jul 16, 2022 at 1:53 AM Karsten Wemheuer wrote: > Hi, > > the snom M9 is pretty old (End of Life 12/2016). Maybe the used ciphers > are not secure enough for current TLS. > > HTH > > Have a nice day and weekend > > Karsten > > Am Samstag, dem 16.07.2022 um 01:20 +1200 schrieb ideanet help: > > Hi experts, > > > > One of my phones (SNOM M9) is not able to register using TLS. > > > > Here are the logs from opensips and ssldump. Maybe someone can > > pinpoint the issue? > > > > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > > DBG:core:handle_new_connect: new connection: 0x7f16d2ba3bd8 80 flags: > > 001c > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > > DBG:core:send2worker: to tcp worker 0 (0), 0x7f16d2ba3bd8 rw 1 > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:proto_tls:proto_tls_conn_init: looking up TLS server domain > > [xx.xx.xx.xx:5061] > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:tls_mgm:tls_find_server_domain: found TLS server domain: > > sip.tls.mysipdomain.com > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl > > connection > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:tls_openssl:openssl_tls_conn_init: Setting in ACCEPT mode > > (server) > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:core:handle_io: > > We have received conn 0x7f16d2ba3bd8 with rw 1 on fd 4 > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:core:io_watch_add: [TCP_worker] io_watch_add op (4 on 74) > > (0x8f91e0, 4, 19, 0x7f16d2ba3bd8,1), fd_no=4/83886 > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:proto_tls:tls_read_req: SSL accept/connect still pending! > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL > > err=Success(0) > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > ERROR:tls_openssl:openssl_tls_accept: New TLS connection from > > myphoneIP.xx.xx:2987 failed to accept > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > > ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! > > > > _ > > > > ssldump logs: > > > > > > New TCP connection #3: myphoneIP.xx.xx(2082) <-> > > sip.tls.mysipdomain.com(5061) > > 3 1 0.0280 (0.0280) C>S Handshake > > ClientHello > > Version 3.1 > > cipher suites > > TLS_RSA_WITH_RC4_128_MD5 > > TLS_RSA_WITH_RC4_128_SHA > > compression methods > > NULL > > extensions > > server_name > > host_name: sip.tls.mysipdomain.com > > ja3 string: 769,4-5,0,, > > ja3 fingerprint: 8305e724a7c9f16b323465d289bc54a1 > > 3 2 0.0353 (0.0072) S>C Handshake > > ServerHello > > Version 3.1 > > session_id[0]= > > > > cipherSuite TLS_RSA_WITH_RC4_128_SHA > > compressionMethod NULL > > extensions > > server_name > > ja3s string: 769,5,0 > > ja3s fingerprint: 99f916287a3ac1de732520956ab94b77 > > 3 3 0.0353 (0.) S>C Handshake > > Certificate > > 3 4 0.0353 (0.) S>C Handshake > > ServerHelloDone > > 30.0653 (0.0299) C>S TCP FIN > > 30.0656 (0.0003) S>C TCP FIN > > ___ > > Users mailing list > > Users@lists.opensips.org > > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > > > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Re: [OpenSIPS-Users] phone not getting regsitered using TLS
Hi, the snom M9 is pretty old (End of Life 12/2016). Maybe the used ciphers are not secure enough for current TLS. HTH Have a nice day and weekend Karsten Am Samstag, dem 16.07.2022 um 01:20 +1200 schrieb ideanet help: > Hi experts, > > One of my phones (SNOM M9) is not able to register using TLS. > > Here are the logs from opensips and ssldump. Maybe someone can > pinpoint the issue? > > > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > DBG:core:handle_new_connect: new connection: 0x7f16d2ba3bd8 80 flags: > 001c > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] > DBG:core:send2worker: to tcp worker 0 (0), 0x7f16d2ba3bd8 rw 1 > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:proto_tls:proto_tls_conn_init: looking up TLS server domain > [xx.xx.xx.xx:5061] > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:tls_mgm:tls_find_server_domain: found TLS server domain: > sip.tls.mysipdomain.com > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl > connection > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:tls_openssl:openssl_tls_conn_init: Setting in ACCEPT mode > (server) > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:core:handle_io: > We have received conn 0x7f16d2ba3bd8 with rw 1 on fd 4 > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:core:io_watch_add: [TCP_worker] io_watch_add op (4 on 74) > (0x8f91e0, 4, 19, 0x7f16d2ba3bd8,1), fd_no=4/83886 > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:proto_tls:tls_read_req: SSL accept/connect still pending! > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:proto_tls:tls_read_req: Using the global ( per process ) buff > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL > err=Success(0) > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > ERROR:tls_openssl:openssl_tls_accept: New TLS connection from > myphoneIP.xx.xx:2987 failed to accept > Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] > ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! > > _ > > ssldump logs: > > > New TCP connection #3: myphoneIP.xx.xx(2082) <-> > sip.tls.mysipdomain.com(5061) > 3 1 0.0280 (0.0280) C>S Handshake > ClientHello > Version 3.1 > cipher suites > TLS_RSA_WITH_RC4_128_MD5 > TLS_RSA_WITH_RC4_128_SHA > compression methods > NULL > extensions > server_name > host_name: sip.tls.mysipdomain.com > ja3 string: 769,4-5,0,, > ja3 fingerprint: 8305e724a7c9f16b323465d289bc54a1 > 3 2 0.0353 (0.0072) S>C Handshake > ServerHello > Version 3.1 > session_id[0]= > > cipherSuite TLS_RSA_WITH_RC4_128_SHA > compressionMethod NULL > extensions > server_name > ja3s string: 769,5,0 > ja3s fingerprint: 99f916287a3ac1de732520956ab94b77 > 3 3 0.0353 (0.) S>C Handshake > Certificate > 3 4 0.0353 (0.) S>C Handshake > ServerHelloDone > 30.0653 (0.0299) C>S TCP FIN > 30.0656 (0.0003) S>C TCP FIN > ___ > Users mailing list > Users@lists.opensips.org > http://lists.opensips.org/cgi-bin/mailman/listinfo/users ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users
[OpenSIPS-Users] phone not getting regsitered using TLS
Hi experts, One of my phones (SNOM M9) is not able to register using TLS. Here are the logs from opensips and ssldump. Maybe someone can pinpoint the issue? Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] DBG:core:handle_new_connect: new connection: 0x7f16d2ba3bd8 80 flags: 001c Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10604] DBG:core:send2worker: to tcp worker 0 (0), 0x7f16d2ba3bd8 rw 1 Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:proto_tls:proto_tls_conn_init: looking up TLS server domain [xx.xx.xx.xx:5061] Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:tls_mgm:tls_find_server_domain: found TLS server domain: sip.tls.mysipdomain.com Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:tls_openssl:openssl_tls_conn_init: Creating a whole new ssl connection Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:tls_openssl:openssl_tls_conn_init: Setting in ACCEPT mode (server) Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:core:handle_io: We have received conn 0x7f16d2ba3bd8 with rw 1 on fd 4 Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:core:io_watch_add: [TCP_worker] io_watch_add op (4 on 74) (0x8f91e0, 4, 19, 0x7f16d2ba3bd8,1), fd_no=4/83886 Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:proto_tls:tls_read_req: Using the global ( per process ) buff Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:proto_tls:tls_read_req: SSL accept/connect still pending! Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:proto_tls:tls_read_req: Using the global ( per process ) buff Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] DBG:tls_openssl:openssl_tls_update_fd: New fd is 4 Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] ERROR:tls_openssl:openssl_tls_accept: SSL_ERROR_SYSCALL err=Success(0) Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] ERROR:tls_openssl:openssl_tls_accept: New TLS connection from myphoneIP.xx.xx:2987 failed to accept Jul 15 13:02:12 opensips: Jul 15 13:02:12 [10598] ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! _ ssldump logs: New TCP connection #3: myphoneIP.xx.xx(2082) <-> sip.tls.mysipdomain.com (5061) 3 1 0.0280 (0.0280) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA compression methods NULL extensions server_name host_name: sip.tls.mysipdomain.com ja3 string: 769,4-5,0,, ja3 fingerprint: 8305e724a7c9f16b323465d289bc54a1 3 2 0.0353 (0.0072) S>C Handshake ServerHello Version 3.1 session_id[0]= cipherSuite TLS_RSA_WITH_RC4_128_SHA compressionMethod NULL extensions server_name ja3s string: 769,5,0 ja3s fingerprint: 99f916287a3ac1de732520956ab94b77 3 3 0.0353 (0.) S>C Handshake Certificate 3 4 0.0353 (0.) S>C Handshake ServerHelloDone 30.0653 (0.0299) C>S TCP FIN 30.0656 (0.0003) S>C TCP FIN ___ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users