<div dir="ltr">Now I am sure that's the problem, I managed to configure Chrome 35 to use TLS 1.1 and it works! So my problem now... how can I set up FreeSWITCH to use TLS 1.2?<br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Fri, Jul 11, 2014 at 12:37 PM, Javier Menendez <span dir="ltr"><<a href="mailto:menendez.garcia@gmail.com" target="_blank">menendez.garcia@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Ok, I think I know the reason but not how to fix it. Looks like Chrome 35 is using tlsv1.2, and previous versions are using tlsv1.2. My FreeSWITCH is using v1.1 and I think that may be the reason. The problem now is I am not able to configure it to use version 1.2. I tried changing these params in the sip profile but it keeps using the old version<br>
<param name="tls-version" value="tlsv1.2"/><br> <param name="sip-tls-version" value="tlsv1.2"/><br><br><br><br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra">
<br><br><div class="gmail_quote">
On Fri, Jul 11, 2014 at 10:08 AM, Javier Menendez <span dir="ltr"><<a href="mailto:menendez.garcia@gmail.com" target="_blank">menendez.garcia@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>Wss endpoint looks fine, I have included the cert chain, and the test looks fine<br><br><table><thead><tr><th>
Result
</th>
<th>
Check
</th>
<th>
Information
</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<img src="http://certlogik.com/static//resources/images/icon_accept.gif">
</td>
<td>
Valid To
</td>
<td>
07 Jun 2016 ( 697 days )
</td>
</tr>
<tr>
<td>
<img src="http://certlogik.com/static//resources/images/icon_accept.gif">
</td>
<td>
<a href="http://certlogik.com/ssl-checker/#" target="_blank">
Weak Key
</a>
</td>
<td>
Does not use a key on our blacklist ( this is good )
</td>
</tr>
<tr>
<td>
<img src="http://certlogik.com/static//resources/images/icon_accept.gif">
</td>
<td>
<a href="http://certlogik.com/ssl-checker/#" target="_blank">
Key-Size
</a>
</td>
<td>
2048
</td>
</tr>
<tr>
<td>
<img src="http://certlogik.com/static//resources/images/icon_accept.gif">
</td>
<td>
Signature Algorithm
</td>
<td>
Strong (sha256WithRSAEncryption)
</td>
</tr>
<tr>
<td>
<img src="http://certlogik.com/static//resources/images/icon_accept.gif">
</td>
<td>
Site Listed
</td>
<td>
Yes (website:myhost is listed in the certifcate)
</td>
</tr>
<tr>
<td>
<img src="http://certlogik.com/static//resources/images/icon_accept.gif">
</td>
<td>
Trusted
</td>
<td>
Yes (certificate verified to a trusted root)
</td></tr></tbody></table><br></div>Is there any new config param from 1.4 to 1.5 regarding wss? I know there were issues with browsers and I am using same config files from 1.4 in 1.5...may be?<br></div><div>
<div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Thu, Jul 10, 2014 at 6:53 PM, Ciprian Dosoftei <span dir="ltr"><<a href="mailto:ciprian.dosoftei@gmail.com" target="_blank">ciprian.dosoftei@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div>Then it's a server side issue. Have you validated the WSS endpoint here: <a href="http://www.sslshopper.com/ssl-checker.html" target="_blank">http://www.sslshopper.com/ssl-checker.html</a>?<br>
<br></div>
It may be able to point out some soft errors<span><font color="#888888"><br><br></font></span></div><span><font color="#888888">-Ciprian<br></font></span></div><div><div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On 10 July 2014 17:48, Javier Menendez <span dir="ltr"><<a href="mailto:menendez.garcia@gmail.com" target="_blank">menendez.garcia@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>You are right, nothing relevant, the socket is closed before.<br><br><br></div><div>I think it must be something related with chrome, in latest version 35 it is not working but in version 26 it works.. but <a href="http://webrtc.freeswitch.org" target="_blank">webrtc.freeswitch.org</a> works with version 35! what am I missing?<br>
</div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Jul 10, 2014 at 6:28 PM, Ciprian Dosoftei <span dir="ltr"><<a href="mailto:ciprian.dosoftei@gmail.com" target="_blank">ciprian.dosoftei@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>You may be able to pull more info from the connection's entry on the Network tab of the developer's console. In normal circumstances, it should show an HTTP response code of 101 and a negotiation response like:<br>
<br>Connection:Upgrade<br>Sec-WebSocket-Accept:oVcPX2zhUVgae46nZWQT3WyOOQ0=<br>Upgrade:websocket<br><br></div>I bet the latter is not coming through since the connection is reset.<br><br>If you cannot get any relevant info from this angle, I think a packet capture is the next step.<span><font color="#888888"><br>
<br></font></span></div><span><font color="#888888">-C<br><div><div><br><br></div></div></font></span></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On 10 July 2014 17:07, Javier Menendez <span dir="ltr"><<a href="mailto:menendez.garcia@gmail.com" target="_blank">menendez.garcia@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Thanks Ciprian,<br></div>I am trying to debug this with Chrome, I tried to make a raw websocket connection<br>
conn = new WebSocket("wss://myhost:10081")<br><br></div>and I got a readyState 3. that's all I can debug :/<br>
<br></div>If I access to <a href="https://myhost:10081/" target="_blank">https://myhost:10081/</a> it says verified, and its green...<br></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Thu, Jul 10, 2014 at 5:40 PM, Ciprian Dosoftei <span dir="ltr"><<a href="mailto:ciprian.dosoftei@gmail.com" target="_blank">ciprian.dosoftei@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Javier,<br><br></div>It looks like the client is resetting the connection, it may after all be an SSL issue.<br>
<br></div>Best way to start debugging is to pop up the developer console (I use Chrome and it never disappoints me when it comes down to tracking down issues) and see what's unusual with that WSS connection.<br>
<br></div>-Ciprian<br></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div>On 10 July 2014 12:27, Javier Menendez <span dir="ltr"><<a href="mailto:menendez.garcia@gmail.com" target="_blank">menendez.garcia@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div><div><div>Hi,<br><br></div>I am trying to get the wss connection to work, tried everything and it still doesn't work, I don't think it is a certificate problem because if I try this manually:<br>
<br>curl -v <a href="https://myhost.com:10081/" target="_blank">https://myhost.com:10081/</a> -H "Upgrade: WebSocket" -H "Connection: Upgrade" -H "Sec-WebSocket-Protocol: sip" -H "Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==" -H "Sec-WebSocket-Version: 13" <br>
* About to connect() to <a href="http://myhost.com" target="_blank">myhost.com</a> port 10081 (#0)<br>* Trying X.X.X.X... connected<br>* Connected to <a href="http://myhost.com" target="_blank">myhost.com</a> (X.X.X.X) port 10081 (#0)<br>
* successfully set certificate verify locations:<br>
* CAfile: none<br> CApath: /etc/ssl/certs<br>* SSLv3, TLS handshake, Client hello (1):<br>* SSLv3, TLS handshake, Server hello (2):<br>* SSLv3, TLS handshake, CERT (11):<br>* SSLv3, TLS handshake, Server finished (14):<br>
* SSLv3, TLS handshake, Client key exchange (16):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>* SSLv3, TLS change cipher, Client hello (1):<br>* SSLv3, TLS handshake, Finished (20):<br>
* SSL connection using AES256-SHA<br>* Server certificate:<br>* subject: OU=Domain Control Validated; CN=<a href="http://myhost.com" target="_blank">myhost.com</a><br>* start date: 2014-06-16 10:09:42 GMT<br>* expire date: 2016-06-07 11:02:46 GMT<br>
* subjectAltName: <a href="http://myhost.com" target="_blank">myhost.com</a> matched<br>* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=<a href="http://certs.godaddy.com/repository/" target="_blank">http://certs.godaddy.com/repository/</a>; CN=Go Daddy Secure Certificate Authority - G2<br>
* SSL certificate verify ok.<br>> GET / HTTP/1.1<br>> User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8o zlib/<a href="http://1.2.3.3" target="_blank">1.2.3.3</a> libidn/1.15<br>> Host: <a href="http://myhost.com:10081" target="_blank">myhost.com:10081</a><br>
> Accept: */*<br>> Upgrade: WebSocket<br>> Connection: Upgrade<br>> Sec-WebSocket-Protocol: sip<br>> Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==<br>> Sec-WebSocket-Version: 13<br>> <br>< HTTP/1.1 101 Switching Protocols<br>
< Upgrade: websocket<br>< Connection: Upgrade<br>< Sec-WebSocket-Accept: CQsVOMdurBA <br><br><br></div>so it seems to work, but if I try with jssip or sipml5 library I got this trace log and the socket gets disconnected within half second<br>
<br>freeswitch@internal> tport.c:2749 tport_wakeup_pri() tport_wakeup_pri(0x7f2198004f20): events IN<br>tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7f2198004f20): new secondary tport 0x7f21980afb20<br>
tport.c:2640 tport_accept() tport_accept(0x7f21980afb20): new connection from wss/<a href="http://130.117.88.33:62056/sips" target="_blank">130.117.88.33:62056/sips</a><br>
tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN<br>tport.c:2864 tport_recv_event() tport_recv_event(0x7f21980afb20)<br>tport.c:2296 tport_set_secondary_timer() tport(0x7f21980afb20): reset timer<br>tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN HUP ERR<br>
nta.c:2719 agent_tp_error() nta_agent: tport: Conexión reinicializada por la máquina remota<br>tport.c:2090 tport_close() tport_close(0x7f21980afb20): wss/<a href="http://130.117.88.33:62056/sips" target="_blank">130.117.88.33:62056/sips</a><br>
<br></div>I am using last version from git and I also tried with 1.4 versions.<br></div>I have accept-blind-auth and accept-blind-reg to true, any clue?<br><div><div><br><br><br><br></div></div></div>
<br></div></div>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br>
<a href="http://www.cudatel.com" target="_blank">http://www.cudatel.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://wiki.freeswitch.org" target="_blank">http://wiki.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><span><font color="#888888"><br><br clear="all"><br>-- <br>Best Regards,<br>Ciprian Dosoftei<br><br>The information transmitted is intended only for the addressee and may contain privileged and/or confidential material. If you are not the intended recipient, kindly contact the sender and delete the message.<br>
<br>Any disclosure, distribution or copying of this message is strictly prohibited without the expressed permission of the sender.
</font></span></div>
<br></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Best Regards,<br>Ciprian Dosoftei<br>
</div>
</div></div><br>
<br></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Best Regards,<br>Ciprian Dosoftei<br>
</div>
</div></div><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
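The thread describes what a healthy WSS negotiation looks like (HTTP 101, `Upgrade: websocket`, `Connection: Upgrade`, and a `Sec-WebSocket-Accept` derived from the key the client sent). The following is an added example, not code from the thread or from FreeSWITCH, that checks a captured response head against those rules per RFC 6455; the function names are hypothetical and the sample key/accept pair is the RFC's own, not a value from this thread.

```python
import base64
import hashlib

# Fixed GUID defined by RFC 6455 for deriving Sec-WebSocket-Accept.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"


def expected_accept(sec_websocket_key):
    """Return the Sec-WebSocket-Accept a server must send for this key."""
    material = (sec_websocket_key.strip() + WS_GUID).encode("ascii")
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


def parse_response(raw):
    """Split a raw HTTP response head into (status, lower-cased headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [ln for ln in head.split("\n") if ln.strip()]
    if not lines:
        # What a reset connection looks like from the client: no bytes at all.
        raise ValueError("empty response")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def check_upgrade(raw_response, sent_key):
    """Return a list of problems; an empty list means the upgrade is valid."""
    try:
        status, headers = parse_response(raw_response)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if status != 101:
        problems.append("status is %d, expected 101" % status)
    if headers.get("upgrade", "").lower() != "websocket":
        problems.append("Upgrade header is not 'websocket'")
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if "upgrade" not in tokens:
        problems.append("Connection header lacks 'Upgrade'")
    if headers.get("sec-websocket-accept") != expected_accept(sent_key):
        problems.append("Sec-WebSocket-Accept does not match the key sent")
    return problems


# Constructed sample: the key/accept pair published in RFC 6455.
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_OK = (
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n\r\n"
)

if __name__ == "__main__":
    print(check_upgrade(SAMPLE_OK, SAMPLE_KEY))
    print(check_upgrade("", SAMPLE_KEY))
```

An empty result only confirms the HTTP upgrade layer; a TLS protocol-version mismatch fails before any of these headers are exchanged, which is why the browser sees a closed socket with nothing to inspect.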