[jitsi-users] Jitsi Failing to Connect to Ostel from Mac OS X - TLS


#1

Hi Ingo,

Thanks for the reply.

I only see SSLv2Hello, SSLv3 and TLSv1 under Preferences -> Advanced -> SIP Protocol.

I don't see TLSv1.1, TLSv1.2.

I've tried all combinations of the ones I do see - but to no avail.

Best,

Tony


On Feb 8, 2014, at 3:43 PM, users-request@jitsi.org wrote:

Message: 1
Date: Fri, 7 Feb 2014 23:08:50 +0100
From: "Ingo Bauersachs" <ingo@jitsi.org>
To: "'Jitsi Users'" <users@jitsi.org>
Subject: Re: [jitsi-users] Jitsi Failing to Connect to Ostel from Mac
  OS X - TLS Error
Message-ID: <000101cf2451$2eddea40$8c99bec0$@jitsi.org>
Content-Type: text/plain; charset="us-ascii"

Not more than a month or two ago, my Jitsi installation on Mac OS X
Mavericks was working fine - connecting to my SIP provider, ostel.co.

At some point it stopped working, and I've just spent the last hour or so
trying to work out why.

I can connect fine using a Linux VM on the same machine, or on a separate
Windows computer.

However, under Mac OS X - just after the SSL/TLS handshake completes
between Jitsi and the Ostel server - there is a TLSv1 Fatal Internal Error.

Not sure if I can attach files to messages to this list - however,
attached is a Wireshark/TCP dump PCAP file showing the exchange.

I've also tried upgrading the OpenSSL stack on Mac OS X - but that didn't
make any difference.

Any ideas?

This might be related to the SSL/TLS settings supported by the different
JVMs on Linux and OSX. Can you make a comparison of the settings within
Tools->Options->Advanced->SIP->SSL/TLS Protocols?

I suspect that TLSv1 is not enabled on OS X. If so, disable SSLv2Hello and
SSLv3; enable TLSv1, TLSv1.1, TLSv1.2 and restart Jitsi.

Best,
Tony

Ingo


#2

I only see SSLv2Hello, SSLv3 and TLSv1 under Preferences -> Advanced ->
SIP Protocol.

I don't see TLSv1.1, TLSv1.2.

You apparently run Jitsi on Java 6 (Mac OS X I guess). TLSv1.1 and TLSv1.2
were introduced with Java 7.

I've tried all combinations of the ones I do see - but to no avail.

Well, that was just a guess. I tried to connect to add an account with
asdf@ostel.co, which led me to a password prompt. So the TLS connection
obviously succeeded from here.

Jitsi's log might contain more information, if not, there's nothing more we
can do.

Best,
Tony

Ingo
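
The comparison discussed in this thread (which protocol versions a given JVM offers, and which of them the server accepts) can be checked outside Jitsi with a small probe. This is an added example, not part of the original messages and not Jitsi code; the class name `TlsProbe` is hypothetical, and the host and port are supplied on the command line because the thread does not state the provider's port.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

// Added diagnostic (hypothetical class name). Uses only javax.net.ssl calls
// that exist since Java 6, so it runs on the old JVM as well as newer ones.
public class TlsProbe {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TlsProbe <host> <port>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        // Which JVM is running, and what its default SSLContext offers.
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();
        System.out.println("supported:          " + Arrays.toString(supported));
        System.out.println("enabled by default: " + Arrays.toString(enabled));

        // Try one handshake per supported version, so a version the server
        // (or the JVM's own policy) rejects is reported separately.
        SSLSocketFactory factory = ctx.getSocketFactory();
        for (String proto : supported) {
            if (proto.equals("SSLv2Hello")) {
                continue; // a hello format, not a protocol version to negotiate
            }
            SSLSocket s = null;
            try {
                s = (SSLSocket) factory.createSocket(host, port);
                s.setSoTimeout(5000); // bound the wait for handshake records
                s.setEnabledProtocols(new String[] { proto });
                s.startHandshake();
                System.out.println(proto + ": OK, negotiated "
                        + s.getSession().getProtocol() + " / "
                        + s.getSession().getCipherSuite());
            } catch (Exception e) {
                // Includes untrusted-certificate and alert failures.
                System.out.println(proto + ": FAILED, " + e);
            } finally {
                if (s != null) {
                    s.close();
                }
            }
        }
    }
}
```

Running it under each JVM being compared (for example the OS X one and the Linux VM's) shows whether TLSv1.1 and TLSv1.2 appear in the supported list at all, and the exception text printed for a failed version is the same detail Jitsi's log would carry.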