This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorials:tls:testing-and-debugging [2013/05/23 17:28] klaus3000 [TLS Clients] |
tutorials:tls:testing-and-debugging [2014/07/30 12:06] oej [TLS Clients] |
||
---|---|---|---|
Line 137: | Line 137: | ||
If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File | If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File | ||
+ | |||
+ | ===== Unencrypted TLS (NULL cipher) | ||
+ | |||
+ | TLS allows unencrypted useage when using the NULL cipher. This is very useful for debugging TLS connection, as you immediately see the SIP traffic. | ||
+ | |||
+ | The NULL cipher is usually disabled, thus it must be explicitly enabled. In Kamailio this can be done by configuring the TLS module: | ||
+ | < | ||
+ | modparam(" | ||
+ | </ | ||
+ | |||
+ | Of course also the SIP client must be configured to use the NULL cipher. Unfortunately this is hardly supported by SIP clients. | ||
===== TLS Clients ===== | ===== TLS Clients ===== | ||
Line 146: | Line 157: | ||
* Chrome: Windows certificate store | * Chrome: Windows certificate store | ||
* Firefox: Dedicated Firefox certificate store | * Firefox: Dedicated Firefox certificate store | ||
+ | * Asterisk: Configured in sip.conf | ||
===== SIP Clients with TLS Client Certificate Support ===== | ===== SIP Clients with TLS Client Certificate Support ===== |