Hello, openssl can play client and/or server role.
Best regards, Steffen 2006/12/29, Ncheeku Baranov <[EMAIL PROTECTED]>:
Thanks Steffen. Is there any freely available tls client which can be used to check this settings and the handshake? That will be really helpful.. Best regards, NCheeku On 12/28/06, Steffen Witt <[EMAIL PROTECTED]> wrote: > Hello Ncheeku, > > change to the directory with your ".pem" files: /usr/local/etc/openser/tls/user > > > Then you can test your TLS handshake with the following command: > > openssl s_server -cert user-cert.pem -key user-privkey.pem -state -accept 5061 > > Openssl simulates a TLS server with your certificate/private key files > and it accepts only requests at port 5061. > > > Best regards, > Steffen > > > > 2006/12/28, Ncheeku Baranov <[EMAIL PROTECTED]>: > > Thanks a lot Steffen. Adding the new listen = udp: 10.30.100.41:5060 indeed > > worked. How can I check the TLS handshake using openssl at the server? > > Thanks a lot.. > > > > > > > > On 12/28/06, Steffen Witt < [EMAIL PROTECTED]> wrote: > > > Hello again, > > > > > > maybe you should add the following line to test your non-TLS UAs: > > > > > > disable_tls = 0 > > > listen = udp:10.30.100.41:5060 <--- > > > listen = tls:10.30.100.41:5061 > > > > > > > > > You can check your TLS handshake by simulating your server with openssl. > > > > > > > > > Please have a look at the following link that describes the TLS support: > > > > > > http://www.openser.org/docs/tls.html > > > > > > > > > Best regards, > > > Steffen > > > > > > > > > > > > > > > 2006/12/28, Ncheeku Baranov < [EMAIL PROTECTED]>: > > > > Hi, > > > > > > > > I am trying to make my non-TLS/TLS UA register with my TLS enabled > > openSER. > > > > Currently I am just working on my local machine with the client UAs on > > the > > > > same subnet,(so there is only one domain, but its not named). Below is > > my > > > > configuration file: > > > > > > > > disable_tls = 0 > > > > listen = tls:10.30.100.41:5061 > > > > tls_verify_server = 1 > > > > tls_verify_client = 0 > > > > tls_require_client_certificate = 0 > > > > tls_method = TLSv1 > > > > tls_certificate = > > "/usr/local/etc/openser/tls/user/user- > > > > cert.pem" > > > > tls_private_key = > > "/usr/local/etc/openser/tls/user/user- > > > > privkey.pem" > > > > tls_ca_list = > > > > "usr/local/etc/openser/tls/user/user-calist.pem" > > > > > > > > However, with the above configuration the client UAs couldnot register > > and I > > > > got 408 Request Time out Message. Is there any field that is missing to > > make > > > > this simple scenario work? What should be the values of > > "tls_client_domain" > > > > and "tls_server_domain" fields in this case? > > > > > > > > I noticed that when I start the openSER without TLS support using > > > > "openserctl start" and do "ps -e" after that, there are more openSER > > > > processes running than if I start openSER with TLS support in which case > > I > > > > see very few of these processes running. > > > > > > > > Your help is much appreciated.... > > > > > > > > Best regards, > > > > NCheeku > > > > > > > > _______________________________________________ > > > > Users mailing list > > > > [email protected] > > > > http://openser.org/cgi-bin/mailman/listinfo/users > > > > > > > > > > > > > > > > > > > >
_______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
