<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Ok, thanks &#8211; I&#8217;ll try that.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p>&nbsp;</o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> freeswitch-users-bounces@lists.freeswitch.org [mailto:freeswitch-users-bounces@lists.freeswitch.org] <b>On Behalf Of </b>Peter<br><b>Sent:</b> Monday, September 16, 2013 3:45 AM<br><b>To:</b> FreeSWITCH Users Help<br><b>Subject:</b> Re: [Freeswitch-users] TLS problem<o:p></o:p></span></p><p class=MsoNormal><o:p>&nbsp;</o:p></p><div><p class=MsoNormal style='margin-bottom:12.0pt'>Note that Linphone uses its own CA list (derived from Mozilla's list).<br><br>If you are using a self-signed cert, then you need to add the FS CA cert into the Linphone rootca.pem file.&nbsp;&nbsp; You'll either need a rooted/jail broken phone to do this, or compile your own version with your CA cert appended to rootca.pem<o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p>&nbsp;</o:p></p><div><p class=MsoNormal>On Mon, Sep 16, 2013 at 3:46 AM, Dror Lupu &lt;<a href="mailto:drorlupu@gmail.com" target="_blank">drorlupu@gmail.com</a>&gt; wrote:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><p class=MsoNormal>I followed the steps in the Wiki: <a href="http://wiki.freeswitch.org/wiki/SIP_TLS" target="_blank">http://wiki.freeswitch.org/wiki/SIP_TLS</a><br>Using the gentls_cert script.<br><br>I verified that all .pem files got created.<o:p></o:p></p><div><div><p class=MsoNormal style='margin-bottom:12.0pt'><br>-----Original Message-----<br>From: <a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a><br>[mailto:<a href="mailto:freeswitch-users-bounces@lists.freeswitch.org">freeswitch-users-bounces@lists.freeswitch.org</a>] On Behalf Of Brian<br>West<br>Sent: Sunday, September 15, 2013 8:35 PM<br>To: FreeSWITCH Users Help<br>Subject: Re: [Freeswitch-users] TLS problem<br><br>Its probably going to be the cipher suite, how did you generate the<br>certificate?<br>--<br>Brian West<br><a href="mailto:brian@freeswitch.org">brian@freeswitch.org</a><br>FreeSWITCH Solutions, LLC<br>PO BOX PO BOX 2531<br>Brookfield, WI 53008-2531<br>Twitter: @FreeSWITCH_Wire , @briankwest<br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a><br><br>T: <a href="tel:%2B1.918.420.9001">+1.918.420.9001</a> &nbsp;| &nbsp;F: <a href="tel:%2B1.918.420.9002">+1.918.420.9002</a> &nbsp;| &nbsp;M: +1.918.424.WEST<br>iNUM: <a href="tel:%2B883%205100%201420%209001">+883 5100 1420 9001</a><br>ISN: 410*543<br>Skype:briankwest<br>PGP Key: <a href="http://www.bkw.org/key.txt" target="_blank">http://www.bkw.org/key.txt</a> (AB93356707C76CED)<br><br>On Sep 14, 2013, at 1:35 PM, Dror Lupu &lt;<a href="mailto:drorlupu@gmail.com">drorlupu@gmail.com</a>&gt; wrote:<br><br>&gt; Hi Guys,<br>&gt;<br>&gt; I've done the steps for TLS setup as shown on the Wiki (using the server's<br>IP address in CN and ALT), but I can't get TLS to work (UDP/TCP works fine).<br>&gt; All certificates seem to be in place and generated correctly.<br>&gt; I get this error, when using Linphone (I installed the root CA on my<br>machine).<br>&gt; 1. &nbsp;tport.c:2745 tport_wakeup_pri() tport_wakeup_pri(0xb5062a60):<br>&gt; events IN 2. &nbsp;tport.c:869 tport_alloc_secondary()<br>&gt; tport_alloc_secondary(0xb5062a60): new secondary tport 0xb67c0410 3.<br>&gt; tport_type_tls.c:607 tport_tls_accept() tport_tls_accept(0xb67c0410):<br>&gt; new connection from tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a> 4. &nbsp;tport_tls.c:873<br>&gt; tls_connect() tls_connect(0xb67c0410): events NEGOTIATING 5.<br>&gt; tport_tls.c:873 tls_connect() tls_connect(0xb67c0410): events<br>&gt; NEGOTIATING 6. &nbsp;tport_tls.c:962 tls_connect() tls_connect(0xb67c0410):<br>&gt; TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>&gt; 7. &nbsp;tport.c:2092 tport_close() tport_close(0xb67c0410):<br>tls/<a href="http://172.16.111.211:61942/sips" target="_blank">172.16.111.211:61942/sips</a><br>&gt; 8.<br>&gt; Any ideas?<br>&gt;<br>&gt; Thanks in advance,<br><br><br><o:p></o:p></p></div></div><p class=MsoNormal>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br><a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br><a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br><a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br><a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p>&nbsp;</o:p></p></div></div></body></html>