Thanks Klaus. On 12/29/06, Klaus Darilion <[EMAIL PROTECTED]> wrote:
The only free TLS-capeable client is minisip. Commercial phones with TLs support are eyebeam (IMO the best client available and IMO worth the 60$) and the SNOM hardphones. MAybe the free snom softphone also supports TLS - but I do not know. regards klaus On Fri, December 29, 2006 15:21, Ncheeku Baranov said: > Thanks Steffen. Is there any freely available tls client which can be used > to check this settings and the handshake? That will be really helpful.. > > Best regards, > NCheeku > > > On 12/28/06, Steffen Witt <[EMAIL PROTECTED]> wrote: >> >> Hello Ncheeku, >> >> change to the directory with your ".pem" >> files: /usr/local/etc/openser/tls/user >> >> >> Then you can test your TLS handshake with the following command: >> >> openssl s_server -cert user-cert.pem -key user-privkey.pem -state >> -accept >> 5061 >> >> Openssl simulates a TLS server with your certificate/private key files >> and it accepts only requests at port 5061. >> >> >> Best regards, >> Steffen >> >> >> >> 2006/12/28, Ncheeku Baranov <[EMAIL PROTECTED]>: >> > Thanks a lot Steffen. Adding the new listen = >> udp:10.30.100.41:5060indeed >> > worked. How can I check the TLS handshake using openssl at the server? >> > Thanks a lot.. >> > >> > >> > >> > On 12/28/06, Steffen Witt <[EMAIL PROTECTED]> wrote: >> > > Hello again, >> > > >> > > maybe you should add the following line to test your non-TLS UAs: >> > > >> > > disable_tls = 0 >> > > listen = udp:10.30.100.41:5060 <--- >> > > listen = tls:10.30.100.41:5061 >> > > >> > > >> > > You can check your TLS handshake by simulating your server with >> openssl. >> > > >> > > >> > > Please have a look at the following link that describes the TLS >> support: >> > > >> > > http://www.openser.org/docs/tls.html >> > > >> > > >> > > Best regards, >> > > Steffen >> > > >> > > >> > > >> > > >> > > 2006/12/28, Ncheeku Baranov <[EMAIL PROTECTED]>: >> > > > Hi, >> > > > >> > > > I am trying to make my non-TLS/TLS UA register with my TLS enabled >> > openSER. >> > > > Currently I am just working on my local machine with the client >> UAs >> on >> > the >> > > > same subnet,(so there is only one domain, but its not named). >> Below >> is >> > my >> > > > configuration file: >> > > > >> > > > disable_tls = 0 >> > > > listen = tls:10.30.100.41:5061 >> > > > tls_verify_server = 1 >> > > > tls_verify_client = 0 >> > > > tls_require_client_certificate = 0 >> > > > tls_method = TLSv1 >> > > > tls_certificate = >> > "/usr/local/etc/openser/tls/user/user- >> > > > cert.pem" >> > > > tls_private_key = >> > "/usr/local/etc/openser/tls/user/user- >> > > > privkey.pem" >> > > > tls_ca_list = >> > > > "usr/local/etc/openser/tls/user/user-calist.pem" >> > > > >> > > > However, with the above configuration the client UAs couldnot >> register >> > and I >> > > > got 408 Request Time out Message. Is there any field that is >> missing >> to >> > make >> > > > this simple scenario work? What should be the values of >> > "tls_client_domain" >> > > > and "tls_server_domain" fields in this case? >> > > > >> > > > I noticed that when I start the openSER without TLS support using >> > > > "openserctl start" and do "ps -e" after that, there are more >> openSER >> > > > processes running than if I start openSER with TLS support in >> which >> case >> > I >> > > > see very few of these processes running. >> > > > >> > > > Your help is much appreciated.... >> > > > >> > > > Best regards, >> > > > NCheeku >> > > > >> > > > _______________________________________________ >> > > > Users mailing list >> > > > [email protected] >> > > > http://openser.org/cgi-bin/mailman/listinfo/users >> > > > >> > > > >> > > > >> > > >> > >> > >> > _______________________________________________ > Users mailing list > [email protected] > http://openser.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
