[jitsi-users] Problem with pure TLS server


#1

Hi,

  I am connecting to a provider that only allows SIP-TLS connections to
port 5061.
I.e. nothing is listening on port 5060. It works well with both csipsimple
on Android and
Acrobits Softphone on iPhone.

  When I enter registrar and port 5061 and I fill in proxy with host, port
5061 and TLS
as a transport, I still get this:

net.java.sip.communicator.service.protocol.OperationFailedException: Unable
to create a via header for port 5060

  Thanks,

    Juraj.


#2

Hey there,

Hi,

  I am connecting to a provider that only allows SIP-TLS connections to port
5061.
I.e. nothing is listening on port 5060. It works well with both csipsimple
on Android and
Acrobits Softphone on iPhone.

  When I enter registrar and port 5061 and I fill in proxy with host, port
5061 and TLS
as a transport, I still get this:

net.java.sip.communicator.service.protocol.OperationFailedException: Unable
to create a via header for port 5060

This refers to a local port. It is not related to the server port and
is not necessarily an indication of a problem. What seems to be
happening otherwise?

Emil

···

On Thu, Aug 29, 2013 at 2:22 PM, Juraj Bednar <asterisk4juraj@gmail.com> wrote:

  Thanks,

    Juraj.

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31


#3

Hi,

  OK, so the problem was enabled SSLv2 Hello protocol, I kept only TLS and
now I can register. With the nightly build I can even add new truststore
and add my certificate (it's not included in default Java truststore). I
can make the call, but when I pick up, I get a weird message saying
"Internal ZRTP packet checksum mismatch" and that if I see more of them, it
can mean denial of service attack. I see a full screen of notifications
with this, but I highly doubt an attack, as other SIP clients work well.

   Tried both latest nightly build and latest 2.2 stable build. OS: Mac OS
X.

   Any idea what could be happening? Setup is: TCP SIP-TLS on port 5061 on
freeswitch. For now I am calling Acrobits Softphone on my phone. Two of
these together work well, as well as Softphone to CSIPSimple.

    Thanks,

      Juraj.

···

On Thu, Aug 29, 2013 at 6:03 PM, Emil Ivov <emcho@jitsi.org> wrote:

Hey there,

On Thu, Aug 29, 2013 at 2:22 PM, Juraj Bednar <asterisk4juraj@gmail.com> > wrote:
> Hi,
>
> I am connecting to a provider that only allows SIP-TLS connections to
port
> 5061.
> I.e. nothing is listening on port 5060. It works well with both
csipsimple
> on Android and
> Acrobits Softphone on iPhone.
>
> When I enter registrar and port 5061 and I fill in proxy with host,
port
> 5061 and TLS
> as a transport, I still get this:
>
> net.java.sip.communicator.service.protocol.OperationFailedException:
Unable
> to create a via header for port 5060

This refers to a local port. It is not related to the server port and
is not necessarily an indication of a problem. What seems to be
happening otherwise?

Emil
>
> Thanks,
>
> Juraj.
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Are you calling yourself? That is, the same instance of Jitsi that you are
initiating the call from?

--sent from my mobile

···

On 29 Aug 2013 21:30, "Juraj Bednar" <asterisk4juraj@gmail.com> wrote:

Hi,

  OK, so the problem was enabled SSLv2 Hello protocol, I kept only TLS and
now I can register. With the nightly build I can even add new truststore
and add my certificate (it's not included in default Java truststore). I
can make the call, but when I pick up, I get a weird message saying
"Internal ZRTP packet checksum mismatch" and that if I see more of them, it
can mean denial of service attack. I see a full screen of notifications
with this, but I highly doubt an attack, as other SIP clients work well.

   Tried both latest nightly build and latest 2.2 stable build. OS: Mac OS
X.

   Any idea what could be happening? Setup is: TCP SIP-TLS on port 5061 on
freeswitch. For now I am calling Acrobits Softphone on my phone. Two of
these together work well, as well as Softphone to CSIPSimple.

    Thanks,

      Juraj.

On Thu, Aug 29, 2013 at 6:03 PM, Emil Ivov <emcho@jitsi.org> wrote:

Hey there,

On Thu, Aug 29, 2013 at 2:22 PM, Juraj Bednar <asterisk4juraj@gmail.com> >> wrote:
> Hi,
>
> I am connecting to a provider that only allows SIP-TLS connections to
port
> 5061.
> I.e. nothing is listening on port 5060. It works well with both
csipsimple
> on Android and
> Acrobits Softphone on iPhone.
>
> When I enter registrar and port 5061 and I fill in proxy with host,
port
> 5061 and TLS
> as a transport, I still get this:
>
> net.java.sip.communicator.service.protocol.OperationFailedException:
Unable
> to create a via header for port 5060

This refers to a local port. It is not related to the server port and
is not necessarily an indication of a problem. What seems to be
happening otherwise?

Emil
>
> Thanks,
>
> Juraj.
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#5

Hi,

  no, I am calling my iPhone running Acrobits Softphone.

    J.

···

On Thu, Aug 29, 2013 at 10:58 PM, Emil Ivov <emcho@jitsi.org> wrote:

Are you calling yourself? That is, the same instance of Jitsi that you are
initiating the call from?

--sent from my mobile
On 29 Aug 2013 21:30, "Juraj Bednar" <asterisk4juraj@gmail.com> wrote:

Hi,

  OK, so the problem was enabled SSLv2 Hello protocol, I kept only TLS
and now I can register. With the nightly build I can even add new
truststore and add my certificate (it's not included in default Java
truststore). I can make the call, but when I pick up, I get a weird message
saying "Internal ZRTP packet checksum mismatch" and that if I see more of
them, it can mean denial of service attack. I see a full screen of
notifications with this, but I highly doubt an attack, as other SIP clients
work well.

   Tried both latest nightly build and latest 2.2 stable build. OS: Mac
OS X.

   Any idea what could be happening? Setup is: TCP SIP-TLS on port 5061
on freeswitch. For now I am calling Acrobits Softphone on my phone. Two of
these together work well, as well as Softphone to CSIPSimple.

    Thanks,

      Juraj.

On Thu, Aug 29, 2013 at 6:03 PM, Emil Ivov <emcho@jitsi.org> wrote:

Hey there,

On Thu, Aug 29, 2013 at 2:22 PM, Juraj Bednar <asterisk4juraj@gmail.com> >>> wrote:
> Hi,
>
> I am connecting to a provider that only allows SIP-TLS connections
to port
> 5061.
> I.e. nothing is listening on port 5060. It works well with both
csipsimple
> on Android and
> Acrobits Softphone on iPhone.
>
> When I enter registrar and port 5061 and I fill in proxy with host,
port
> 5061 and TLS
> as a transport, I still get this:
>
> net.java.sip.communicator.service.protocol.OperationFailedException:
Unable
> to create a via header for port 5060

This refers to a local port. It is not related to the server port and
is not necessarily an indication of a problem. What seems to be
happening otherwise?

Emil
>
> Thanks,
>
> Juraj.
>
>
> _______________________________________________
> users mailing list
> users@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/users

--
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
Jitsi
emcho@jitsi.org PHONE: +33.1.77.62.43.30
https://jitsi.org FAX: +33.1.77.62.47.31

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#6

Well, there could be something wrong with their ZRTP implementation.

That's not related to TLS though. Have you tried a Jitsi to Jitsi call?

Emil

···

On 30.08.13, 08:21, Juraj Bednar wrote:

Hi,

   no, I am calling my iPhone running Acrobits Softphone.

     J.

On Thu, Aug 29, 2013 at 10:58 PM, Emil Ivov <emcho@jitsi.org > <mailto:emcho@jitsi.org>> wrote:

    Are you calling yourself? That is, the same instance of Jitsi that
    you are initiating the call from?

    --sent from my mobile

    On 29 Aug 2013 21:30, "Juraj Bednar" <asterisk4juraj@gmail.com > <mailto:asterisk4juraj@gmail.com>> wrote:

        Hi,

           OK, so the problem was enabled SSLv2 Hello protocol, I kept
        only TLS and now I can register. With the nightly build I can
        even add new truststore and add my certificate (it's not
        included in default Java truststore). I can make the call, but
        when I pick up, I get a weird message saying "Internal ZRTP
        packet checksum mismatch" and that if I see more of them, it can
        mean denial of service attack. I see a full screen of
        notifications with this, but I highly doubt an attack, as other
        SIP clients work well.

            Tried both latest nightly build and latest 2.2 stable build.
        OS: Mac OS X.

            Any idea what could be happening? Setup is: TCP SIP-TLS on
        port 5061 on freeswitch. For now I am calling Acrobits Softphone
        on my phone. Two of these together work well, as well as
        Softphone to CSIPSimple.

             Thanks,

               Juraj.

        On Thu, Aug 29, 2013 at 6:03 PM, Emil Ivov <emcho@jitsi.org > <mailto:emcho@jitsi.org>> wrote:

            Hey there,

            On Thu, Aug 29, 2013 at 2:22 PM, Juraj Bednar > <asterisk4juraj@gmail.com <mailto:asterisk4juraj@gmail.com>> > wrote:
             > Hi,
             >
             > I am connecting to a provider that only allows SIP-TLS
            connections to port
             > 5061.
             > I.e. nothing is listening on port 5060. It works well
            with both csipsimple
             > on Android and
             > Acrobits Softphone on iPhone.
             >
             > When I enter registrar and port 5061 and I fill in
            proxy with host, port
             > 5061 and TLS
             > as a transport, I still get this:
             >
            net.java.sip.communicator.service.protocol.OperationFailedException:
            Unable
             > to create a via header for port 5060

            This refers to a local port. It is not related to the server
            port and
            is not necessarily an indication of a problem. What seems to be
            happening otherwise?

            Emil
             >
             > Thanks,
             >
             > Juraj.
             >
             > _______________________________________________
             > users mailing list
             > users@jitsi.org <mailto:users@jitsi.org>
             > Unsubscribe instructions and other list options:
             > http://lists.jitsi.org/mailman/listinfo/users

            --
            Emil Ivov, Ph.D. 67000 Strasbourg,
            Project Lead France
            Jitsi
            emcho@jitsi.org <mailto:emcho@jitsi.org>
                PHONE: +33.1.77.62.43.30 <tel:%2B33.1.77.62.43.30>
            https://jitsi.org FAX:
            +33.1.77.62.47.31 <tel:%2B33.1.77.62.47.31>

            _______________________________________________
            users mailing list
            users@jitsi.org <mailto:users@jitsi.org>
            Unsubscribe instructions and other list options:
            http://lists.jitsi.org/mailman/listinfo/users

        _______________________________________________
        users mailing list
        users@jitsi.org <mailto:users@jitsi.org>
        Unsubscribe instructions and other list options:
        http://lists.jitsi.org/mailman/listinfo/users

    _______________________________________________
    users mailing list
    users@jitsi.org <mailto:users@jitsi.org>
    Unsubscribe instructions and other list options:
    http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org