User Tools

Site Tools


tutorials:tls:testing-and-debugging

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revision Both sides next revision
tutorials:tls:testing-and-debugging [2012/09/14 11:54]
miconda created
tutorials:tls:testing-and-debugging [2014/07/30 12:06]
oej [TLS Clients]
Line 137: Line 137:
  
 If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File
 +
 +===== Unencrypted TLS (NULL cipher)  =====
 +
 +TLS allows unencrypted useage when using the NULL cipher. This is very useful for debugging TLS connection, as you immediately see the SIP traffic.
 +
 +The NULL cipher is usually disabled, thus it must be explicitly enabled. In Kamailio this can be done by configuring the TLS module:
 +<code>
 +modparam("tls", "cipher_list", "NULL")
 +</code>
 +
 +Of course also the SIP client must be configured to use the NULL cipher. Unfortunately this is hardly supported by SIP clients.
  
 ===== TLS Clients ===== ===== TLS Clients =====
Line 146: Line 157:
   * Chrome: Windows certificate store   * Chrome: Windows certificate store
   * Firefox: Dedicated Firefox certificate store   * Firefox: Dedicated Firefox certificate store
 +  * Asterisk: Configured in sip.conf
 +
 +===== SIP Clients with TLS Client Certificate Support =====
 +
 +Following a list of SIP clients that support TLS user certificates (needed for incoming TLS connections, of if the TLS server requires mutual TLS (MTLS))
 +  * QjSimple: select private key and certificate file in configuration dialog
 +  * Jitis: Settings -> Advanced -> TLS
  
tutorials/tls/testing-and-debugging.txt ยท Last modified: 2017/04/28 21:55 by mslehto