tutorials:tls:testing-and-debugging

Differences

This shows you the differences between two versions of the page.

tutorials:tls:testing-and-debugging [2013/05/23 17:28]
klaus3000 [TLS Clients]
tutorials:tls:testing-and-debugging [2017/04/28 21:55] (current)
mslehto [Unencrypted TLS (NULL cipher)]
Line 137: Line 137:
  
 If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File If you have problems decoding the TLS session you should enable debugging in Wireshark: Edit -> Preferences -> Protocols -> SSL -> SSL Debug File
 +
 +===== Unencrypted TLS (NULL cipher)  =====
 +
 +TLS allows unencrypted usage when using the NULL cipher. This is very useful for debugging TLS connection, as you immediately see the SIP traffic.
 +
 +The NULL cipher is usually disabled, thus it must be explicitly enabled. In Kamailio this can be done by configuring the TLS module:
 +<code>
 +modparam("tls", "cipher_list", "NULL")
 +</code>
 +
 +Of course also the SIP client must be configured to use the NULL cipher. Unfortunately this is hardly supported by SIP clients.
  
 ===== TLS Clients ===== ===== TLS Clients =====
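Review bot: the new NULL cipher section gives modparam("tls", "cipher_list", "NULL") with no statement of scope, so a reader who pastes it sets the TLS module's cipher list to unencrypted suites for the whole instance, not just for the connection being debugged. Add a sentence after the closing </code> saying the setting belongs on a test instance only and that the previous cipher_list value must be restored when debugging is finished. Minor: "debugging TLS connection" should read "debugging TLS connections".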
Line 146: Line 157:
   * Chrome: Windows certificate store   * Chrome: Windows certificate store
   * Firefox: Dedicated Firefox certificate store   * Firefox: Dedicated Firefox certificate store
 +  * Asterisk: Configured in sip.conf
  
 ===== SIP Clients with TLS Client Certificate Support ===== ===== SIP Clients with TLS Client Certificate Support =====
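Review bot: the added item "Asterisk: Configured in sip.conf" names only the file, while the Chrome and Firefox items directly above it name the certificate store that is actually used. Say which sip.conf settings hold the trusted CA certificates so the entry is as actionable as its neighbours.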
Line 152: Line 164:
   * QjSimple: select private key and certificate file in configuration dialog   * QjSimple: select private key and certificate file in configuration dialog
   * Jitis: Settings -> Advanced -> TLS   * Jitis: Settings -> Advanced -> TLS
 +
 +
 +==== Trunking with Microsoft Lync ====
 +
 +For Microsoft Lync it is very important that the CN in the Kamailio server (and client) certificate use the name configured in the Topology as the PSTN trunk. Other names may be in the SubjectAltName fields.
 +Lync by default asks for a TLS client certificate when connecting to it using TLS. MS calls this MTLS - Mutual TLS.
 +  * Microsoft: TLS and MTLS in Lync http://technet.microsoft.com/en-us/library/gg195752(v=ocs.14).aspx
  
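Review bot: the Lync paragraph states that the CN must "use the name configured in the Topology as the PSTN trunk" but gives the reader no way to confirm it, and it does not say what Lync does when the names differ. Add a short note on how to inspect the subject and SubjectAltName of the Kamailio certificate and what failure to expect on a mismatch. Style: "certificate use" should be "certificate uses", the bare URL in the list item would read better as a DokuWiki link with a title, and one of the two added blank lines before the heading can go.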
tutorials/tls/testing-and-debugging.1369322939.txt.gz · Last modified: 2013/05/23 17:28 by klaus3000