[Freeswitch-users] wss conection closed

Javier Menendez menendez.garcia at gmail.com
Wed Jul 16 13:33:24 MSD 2014


now I am sure thr's the problem, I managed to configure chrome 35 to use
tls 1.1 and it works!, so my problem now...how can I setup freeswitch to
use tls 1.2??


On Fri, Jul 11, 2014 at 12:37 PM, Javier Menendez <menendez.garcia at gmail.com
> wrote:

> Ok, I think I know the reason but not how to fix it. Looks like chrome 35
> is using tlsv1.2, and previous versions are using tlsv1.2. My freeswitch is
> using v1.1 and I think that may be the reason, the problem now is I am not
> able to configure it to use version 1.2 I tried changing these params in
> the sip profile but it keeps using the old version
>  <param name="tls-version" value="tlsv1.2"/>
>  <param name="sip-tls-version" value="tlsv1.2"/>
>
>
>
>
>
> On Fri, Jul 11, 2014 at 10:08 AM, Javier Menendez <
> menendez.garcia at gmail.com> wrote:
>
>> wss endpoint looks fine,I have included the cert chain,and the test looks
>> fine
>>
>> Result  Check  Information     Valid To  07 Jun 2016 ( 697 days )
>> Weak Key <http://certlogik.com/ssl-checker/#>  Does not use a key on our
>> blacklist ( this is good )     Key-Size
>> <http://certlogik.com/ssl-checker/#>  2048    Signature Algorithm
>> Strong (sha256WithRSAEncryption)    Site Listed  Yes (website:myhost is
>> listed in the certifcate)    Trusted  Yes (certificate verified to a
>> trusted root)
>> Is there any new config param  from 1.4 to 1.5 regarding wss? I know
>> there were issues with browsers and I am using same config files from 1.4
>> in 1.5...may be?
>>
>>
>> On Thu, Jul 10, 2014 at 6:53 PM, Ciprian Dosoftei <
>> ciprian.dosoftei at gmail.com> wrote:
>>
>>> Then it's a server side thing issue. Have you validated the WSS endpoint
>>> here: http://www.sslshopper.com/ssl-checker.html?
>>>
>>> It may be able to point of some soft errors
>>>
>>> -Ciprian
>>>
>>>
>>> On 10 July 2014 17:48, Javier Menendez <menendez.garcia at gmail.com>
>>> wrote:
>>>
>>>> You are right, nothing relevant, the socket is closed before.
>>>>
>>>>
>>>> I think it must be something related with chrome, in latest version 35
>>>> it is not working but in version 26 it works.. but
>>>> webrtc.freeswitch.org works with version 35! what am I missing?
>>>>
>>>>
>>>> On Thu, Jul 10, 2014 at 6:28 PM, Ciprian Dosoftei <
>>>> ciprian.dosoftei at gmail.com> wrote:
>>>>
>>>>> You may be able to pull more info from the connection's entry on the
>>>>> Network tab of the developer's console. In normal circumstances, it should
>>>>> show a HTTP response code of 101 and a negotiation response like:
>>>>>
>>>>> Connection:Upgrade
>>>>> Sec-WebSocket-Accept:oVcPX2zhUVgae46nZWQT3WyOOQ0=
>>>>> Upgrade:websocket
>>>>>
>>>>> I bet the latter is not coming through since the connection is reset.
>>>>>
>>>>> If you cannot get any relevant info from this angle, I think a packet
>>>>> capture is the next step.
>>>>>
>>>>> -C
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 10 July 2014 17:07, Javier Menendez <menendez.garcia at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Thanks ciprian,
>>>>>> I am trying to debug this with chrome, I tryed to make a raw
>>>>>> websocket connection
>>>>>>  conn = new WebSocket("wss://myhost:10081")
>>>>>>
>>>>>> and I got a readyState 3. that's all I can debug :/
>>>>>>
>>>>>> If I access to https://myhost:10081/ it says verified, and its
>>>>>> green...
>>>>>>
>>>>>>
>>>>>> On Thu, Jul 10, 2014 at 5:40 PM, Ciprian Dosoftei <
>>>>>> ciprian.dosoftei at gmail.com> wrote:
>>>>>>
>>>>>>> Javier,
>>>>>>>
>>>>>>> It looks like the client is resetting the connection, it may after
>>>>>>> all be a SSL issue.
>>>>>>>
>>>>>>> Best way to start debugging is to pop up the developer console (I
>>>>>>> use Chrome and it never disappoints me when it comes down to tracking down
>>>>>>> issues) and see what's unusual with that WSS connection.
>>>>>>>
>>>>>>> -Ciprian
>>>>>>>
>>>>>>>
>>>>>>> On 10 July 2014 12:27, Javier Menendez <menendez.garcia at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am trying to get the wss connection work, tried everything and
>>>>>>>> still doesn't work, I don't think it is a certificate problem because if I
>>>>>>>> try this manually:
>>>>>>>>
>>>>>>>> curl -v https://myhost.com:10081/ -H "Upgrade: WebSocket" -H
>>>>>>>> "Connection: Upgrade" -H "Sec-WebSocket-Protocol: sip" -H
>>>>>>>> "Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==" -H "Sec-WebSocket-Version:
>>>>>>>> 13"
>>>>>>>> * About to connect() to myhost.com port 10081 (#0)
>>>>>>>> *   Trying X.X.X.X... connected
>>>>>>>> * Connected to myhost.com (X.X.X.X) port 10081 (#0)
>>>>>>>> * successfully set certificate verify locations:
>>>>>>>> *   CAfile: none
>>>>>>>>   CApath: /etc/ssl/certs
>>>>>>>> * SSLv3, TLS handshake, Client hello (1):
>>>>>>>> * SSLv3, TLS handshake, Server hello (2):
>>>>>>>> * SSLv3, TLS handshake, CERT (11):
>>>>>>>> * SSLv3, TLS handshake, Server finished (14):
>>>>>>>> * SSLv3, TLS handshake, Client key exchange (16):
>>>>>>>> * SSLv3, TLS change cipher, Client hello (1):
>>>>>>>> * SSLv3, TLS handshake, Finished (20):
>>>>>>>> * SSLv3, TLS change cipher, Client hello (1):
>>>>>>>> * SSLv3, TLS handshake, Finished (20):
>>>>>>>> * SSL connection using AES256-SHA
>>>>>>>> * Server certificate:
>>>>>>>> *      subject: OU=Domain Control Validated; CN=myhost.com
>>>>>>>> *      start date: 2014-06-16 10:09:42 GMT
>>>>>>>> *      expire date: 2016-06-07 11:02:46 GMT
>>>>>>>> *      subjectAltName: myhost.com matched
>>>>>>>> *      issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.;
>>>>>>>> OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure
>>>>>>>> Certificate Authority - G2
>>>>>>>> *      SSL certificate verify ok.
>>>>>>>> > GET / HTTP/1.1
>>>>>>>> > User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.19.7
>>>>>>>> OpenSSL/0.9.8o zlib/1.2.3.3 libidn/1.15
>>>>>>>> > Host: myhost.com:10081
>>>>>>>> > Accept: */*
>>>>>>>> > Upgrade: WebSocket
>>>>>>>> > Connection: Upgrade
>>>>>>>> > Sec-WebSocket-Protocol: sip
>>>>>>>> > Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==
>>>>>>>> > Sec-WebSocket-Version: 13
>>>>>>>> >
>>>>>>>> < HTTP/1.1 101 Switching Protocols
>>>>>>>> < Upgrade: websocket
>>>>>>>> < Connection: Upgrade
>>>>>>>> < Sec-WebSocket-Accept: CQsVOMdurBA
>>>>>>>>
>>>>>>>>
>>>>>>>> so it seems to work, but if I try with jssip or sipml5 library I
>>>>>>>> got this trace log and the socket gets disconnected within half second
>>>>>>>>
>>>>>>>> freeswitch at internal> tport.c:2749 tport_wakeup_pri()
>>>>>>>> tport_wakeup_pri(0x7f2198004f20): events IN
>>>>>>>> tport.c:862 tport_alloc_secondary()
>>>>>>>> tport_alloc_secondary(0x7f2198004f20): new secondary tport 0x7f21980afb20
>>>>>>>> tport.c:2640 tport_accept() tport_accept(0x7f21980afb20): new
>>>>>>>> connection from wss/130.117.88.33:62056/sips
>>>>>>>> tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN
>>>>>>>> tport.c:2864 tport_recv_event() tport_recv_event(0x7f21980afb20)
>>>>>>>> tport.c:2296 tport_set_secondary_timer() tport(0x7f21980afb20):
>>>>>>>> reset timer
>>>>>>>> tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN
>>>>>>>> HUP ERR
>>>>>>>> nta.c:2719 agent_tp_error() nta_agent: tport: Conexión
>>>>>>>> reinicializada por la máquina remota
>>>>>>>> tport.c:2090 tport_close() tport_close(0x7f21980afb20): wss/
>>>>>>>> 130.117.88.33:62056/sips
>>>>>>>>
>>>>>>>> I am using last version from git and I also tried with 1.4 versions.
>>>>>>>> I have accept-blind-auth and accept-blind-reg to true, any clue?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _________________________________________________________________________
>>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>>> consulting at freeswitch.org
>>>>>>>> http://www.freeswitchsolutions.com
>>>>>>>>
>>>>>>>> 
>>>>>>>> 
>>>>>>>>
>>>>>>>> Official FreeSWITCH Sites
>>>>>>>> http://www.freeswitch.org
>>>>>>>> http://wiki.freeswitch.org
>>>>>>>> http://www.cluecon.com
>>>>>>>>
>>>>>>>> FreeSWITCH-users mailing list
>>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>>> UNSUBSCRIBE:
>>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>>> http://www.freeswitch.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best Regards,
>>>>>>> Ciprian Dosoftei
>>>>>>>
>>>>>>> The information transmitted is intended only for the addressee and
>>>>>>> may contain privileged and/or confidential material. If you are not the
>>>>>>> intended recipient, kindly contact the sender and delete the message.
>>>>>>>
>>>>>>> Any disclosure, distribution or copying of this message is strictly
>>>>>>> prohibited without the expressed permission of the sender.
>>>>>>>
>>>>>>>
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org
>>>>>>> http://www.freeswitchsolutions.com
>>>>>>>
>>>>>>> 
>>>>>>> 
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org
>>>>>>> http://wiki.freeswitch.org
>>>>>>> http://www.cluecon.com
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:
>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> http://www.freeswitch.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards,
>>>>> Ciprian Dosoftei
>>>>>
>>>>> The information transmitted is intended only for the addressee and may
>>>>> contain privileged and/or confidential material. If you are not the
>>>>> intended recipient, kindly contact the sender and delete the message.
>>>>>
>>>>> Any disclosure, distribution or copying of this message is strictly
>>>>> prohibited without the expressed permission of the sender.
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards,
>>> Ciprian Dosoftei
>>>
>>> The information transmitted is intended only for the addressee and may
>>> contain privileged and/or confidential material. If you are not the
>>> intended recipient, kindly contact the sender and delete the message.
>>>
>>> Any disclosure, distribution or copying of this message is strictly
>>> prohibited without the expressed permission of the sender.
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140716/c8de7581/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list