<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ok, thanks – I’ll try that.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] <b>On Behalf Of </b>Peter<br><b>Sent:</b> Monday, September 16, 2013 3:45 AM<br><b>To:</b> FreeSWITCH Users Help<br><b>Subject:</b> Re: [Freeswitch-users] TLS problem<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>Note that Linphone uses its own CA list (derived from Mozilla's list).<br><br>If you are using a self-signed cert, then you need to add the FS CA cert into the Linphone rootca.pem file. You'll either need a rooted/jail broken phone to do this, or compile your own version with your CA cert appended to rootca.pem<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Mon, Sep 16, 2013 at 3:46 AM, Dror Lupu <<a href="mailto:drorlupu@gmail.com" target="_blank">drorlupu@gmail.com</a>> wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal>I followed the steps in the Wiki: <a href="http://wiki.freeswitch.org/wiki/SIP_TLS" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS</a><br>Using the gentls_cert script.<br><br>I verified that all .pem files got created.<o:p></o:p></p><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>-----Original Message-----<br>From: <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a><br>[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of Brian<br>West<br>Sent: Sunday, September 15, 2013 8:35 PM<br>To: FreeSWITCH Users Help<br>Subject: Re: [Freeswitch-users] TLS problem<br><br>Its probably going to be the cipher suite, how did you generate the<br>certificate?<br>--<br>Brian West<br><a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a><br>FreeSWITCH Solutions, LLC<br>PO BOX PO BOX 2531<br>Brookfield, WI 53008-2531<br>Twitter: @FreeSWITCH_Wire , @briankwest<br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br><br>T: <a href="tel:%2B1.918.420.9001">+1.918.420.9001</a> | F: <a href="tel:%2B1.918.420.9002">+1.918.420.9002</a> | M: +1.918.424.WEST<br>iNUM: <a href="tel:%2B883%205100%201420%209001">+883 5100 1420 9001</a><br>ISN: 410*543<br>Skype:briankwest<br>PGP Key: <a href="http://www.bkw.org/key.txt" target="_blank">http://www.bkw.org/key.txt</a> (AB93356707C76CED)<br><br>On Sep 14, 2013, at 1:35 PM, Dror Lupu <<a href="mailto:drorlupu@gmail.com">drorlupu@gmail.com</a>> wrote:<br><br>> Hi Guys,<br>><br>> I've done the steps for TLS setup as shown on the Wiki (using the server's<br>IP address in CN and ALT), but I can't get TLS to work (UDP/TCP works fine).<br>> All certificates seem to be in place and generated correctly.<br>> I get this error, when using Linphone (I installed the root CA on my<br>machine).<br>> 1. tport.c:2745 tport_wakeup_pri() tport_wakeup_pri(0xb5062a60):<br>> events IN 2. tport.c:869 tport_alloc_secondary()<br>> tport_alloc_secondary(0xb5062a60): new secondary tport 0xb67c0410 3.<br>> tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0xb67c0410):<br>> new connection from tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a> 4. tport_tls.c:873<br>> tls_connect() tls_connect(0xb67c0410): events NEGOTIATING 5.<br>> tport_tls.c:873 tls_connect() tls_connect(0xb67c0410): events<br>> NEGOTIATING 6. tport_tls.c:962 tls_connect() tls_connect(0xb67c0410):<br>> TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>> 7. tport.c:2092 tport_close() tport_close(0xb67c0410):<br>tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a><br>> 8.<br>> Any ideas?<br>><br>> Thanks in advance,<br><br><br><o:p></o:p></p></div></div><p class=MsoNormal>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br><a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>