This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
tutorials:tls:testing-and-debugging [2012/09/14 11:54] miconda created |
tutorials:tls:testing-and-debugging [2014/07/30 12:06] oej [TLS Clients] |
||
---|---|---|---|
Line 137: | Line 137: | ||
If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File | If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File | ||
+ | |||
+ | ===== Unencrypted TLS (NULL cipher) | ||
+ | |||
+ | TLS allows unencrypted useage when using the NULL cipher. This is very useful for debugging TLS connection, as you immediately see the SIP traffic. | ||
+ | |||
+ | The NULL cipher is usually disabled, thus it must be explicitly enabled. In Kamailio this can be done by configuring the TLS module: | ||
+ | < | ||
+ | modparam(" | ||
+ | </ | ||
+ | |||
+ | Of course also the SIP client must be configured to use the NULL cipher. Unfortunately this is hardly supported by SIP clients. | ||
===== TLS Clients ===== | ===== TLS Clients ===== | ||
Line 146: | Line 157: | ||
* Chrome: Windows certificate store | * Chrome: Windows certificate store | ||
* Firefox: Dedicated Firefox certificate store | * Firefox: Dedicated Firefox certificate store | ||
+ | * Asterisk: Configured in sip.conf | ||
+ | |||
+ | ===== SIP Clients with TLS Client Certificate Support ===== | ||
+ | |||
+ | Following a list of SIP clients that support TLS user certificates (needed for incoming TLS connections, | ||
+ | * QjSimple: select private key and certificate file in configuration dialog | ||
+ | * Jitis: Settings -> Advanced -> TLS | ||