<div dir="ltr">Thanks Brian. <div><br></div><div>I couldn't find an earlier version of the gentls in git, but I'm still new to git. I tried modifying gentls to use rsa:1024 instead of ec, but I'm still getting the same error messages in the sofia log when the SPA112 tries to connect. FSClient connects with both rsa:1024 and rsa:2048, but I haven't tried to connect any other devices to the server. <div>
<br></div><div>Changes made to gentls_cert:</div><div>setup_ca():</div><div><div> openssl req -out "${CONFDIR}/CA/cacert.pem" -new -x509 -keyout "${CONFDIR}/CA/cakey.pem" -newkey rsa:1024 -config "${TMPFILE}.cfg" -nodes -days ${DAYS} -sha1 >/dev/null || exit 1</div>
</div><div><br></div><div>generate_cert():</div><div><div><span style="white-space:pre"> </span>openssl req -new -out "${TMPFILE}.req" -newkey rsa:1024 -keyout "${TMPFILE}.key" -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1</div>
</div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Sep 22, 2013 at 5:14 PM, Brian West <span dir="ltr"><<a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Its going to be a cipher suite issue, I think the changing of gen_tlscert to do EC certs was a BAD IDEA. Some devices can't deal with it properly.<br>
<br>
/b<br>
<div><div class="h5"><br>
On Sep 22, 2013, at 2:38 PM, Nick Vines <<a href="mailto:jnvines@gmail.com">jnvines@gmail.com</a>> wrote:<br>
<br>
> Has anyone successfully setup the spa112 or spa122 to use TLS? I tried setting my spa112 up following the generic TLS guide, but I am getting the following repeated error when I use `sofia loglevel all 9`:<br>
><br>
> tport.c:2730 tport_wakeup_pri() tport_wakeup_pri(0x7fb6d40054c0): events IN<br>
> tport.c:869 tport_alloc_secondary() tport_alloc_secondary(0x7fb6d40054c0): new secondary tport 0x7fb6d40e9b00<br>
> tport_type_tls.c:603 tport_tls_accept() tport_tls_accept(0x7fb6d40e9b00): new connection from tls/my_ip_address:my_port/sips<br>
> tport_tls.c:869 tls_connect() tls_connect(0x7fb6d40e9b00): events NEGOTIATING<br>
> tport_tls.c:958 tls_connect() tls_connect(0x7fb6d40e9b00): TLS setup failed (error:00000001:lib(0):func(0):reason(1))<br>
> tport.c:2084 tport_close() tport_close(0x7fb6d40e9b00): tls/my_ip_address:my_port/sips<br>
><br>
><br>
> I double checked that TLS would work using fsclient to connect to my server, and that connected instantly.<br>
><br>
> Thanks,<br>
> Nick<br>
><br>
><br>
</div></div>> _________________________________________________________________________<br>
> Professional FreeSWITCH Consulting Services:<br>
> <a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
> <a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
><br>
> FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
> <a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
><br>
> Official FreeSWITCH Sites<br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
> <a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
> <a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
><br>
> FreeSWITCH-users mailing list<br>
> <a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
> <a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
> UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
> <a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br>
<br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br></div>