[jitsi-users] Jitsi with reSIProcate/repro TLS


#1

I've been trying build 4142 (latest nightly on Linux amd64) against the
repro SIP proxy from reSIProcate, TLS mode

I understand that from build 3912 onwards there is support for setting
the SSL/TLS modes:
http://java.net/nonav/projects/jitsi/lists/dev/archive/2012-02/message/178

The default setting doesn't work with repro (maybe similar problems
observed with other TLS servers that expect TLS and not SSL):

Aug 1 15:04:17 thp013 repro: INFO | 20120801-150417.394 | repro |
RESIP:TRANSPORT | 3010534256 | Connection.cxx:38 |
Connection::Connection: new connection created to who: [ V4
188.62.165.55:55830 TLS target domain=unspecified mFlowKey=171 ]
Aug 1 15:04:17 thp013 repro: INFO | 20120801-150417.394 | repro |
RESIP:TRANSPORT | 3010534256 | ssl/TlsConnection.cxx:42 | Creating TLS
connection for domain sip5060.net [ V4 188.xxx:xxxTLS target
domain=unspecified mFlowKey=0 ] on 171
Aug 1 15:04:17 thp013 repro: INFO | 20120801-150417.398 | repro |
RESIP:TRANSPORT | 3010534256 | ssl/TlsConnection.cxx:150 | TLS handshake
starting (Server mode)
Aug 1 15:04:17 thp013 repro: INFO | 20120801-150417.398 | repro |
RESIP:TRANSPORT | 3010534256 | ssl/TlsConnection.cxx:161 | TLS connected
Aug 1 15:04:17 thp013 repro: ERR | 20120801-150417.398 | repro |
RESIP:TRANSPORT | 3010534256 | ssl/TlsConnection.cxx:219 | TLS handshake
failed
Aug 1 15:04:17 thp013 repro: ERR | 20120801-150417.398 | repro |
RESIP:TRANSPORT | 3010534256 | ssl/TlsConnection.cxx:233 |
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Aug 1 15:04:17 thp013 repro: ERR | 20120801-150417.398 | repro |
RESIP:TRANSPORT | 3010534256 | ssl/TlsConnection.cxx:235 | Error code =
336130315 file=s3_pkt.c line=351

Notice this line in particular from the repro log:

error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the Options:Advanced:SIP window, I disable all the SSL options, and
only leave a tick next to TLSv1. Then it will successfully connect to
the repro proxy and register.

It would be interesting to know about other users' preferences for the
default SSL/TLS modes and experiences with different SIP servers/proxies

Note: repro is linked against OpenSSL 1.0.0:

ldd /usr/sbin/repro
...
  libssl.so.1.0.0 => /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
(0xb722a000)


#2

Hey Daniel

I've been trying build 4142 (latest nightly on Linux amd64) against the
repro SIP proxy from reSIProcate, TLS mode

I understand that from build 3912 onwards there is support for setting
the SSL/TLS modes:
http://java.net/nonav/projects/jitsi/lists/dev/archive/2012-02/message/17
8

[snip]

Notice this line in particular from the repro log:

error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

In the Options:Advanced:SIP window, I disable all the SSL options, and
only leave a tick next to TLSv1. Then it will successfully connect to
the repro proxy and register.

It would be interesting to know about other users' preferences for the
default SSL/TLS modes and experiences with different SIP servers/proxies

I don't have much experience with SIP servers. If I remember correctly
Kamailio has its default on TLSv1.

Unless you make overrides, Jitsi uses the default SSL/TLS versions of the
underlying Java runtime. For Java 6, this is SSLv3Hello/TLSv1 and now with
Java 7 it is TLSv1 (AFAIK out of my head).

[snip]

Regards,
Ingo