<div dir="ltr">If you can post your configs and logs so we can view them maybe we can replicate what you're having take place. Be sure to clearly outline all endpoints used and call flows tested. Also what type of cert are you using?</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 17, 2015 at 5:11 AM, Emrah <span dir="ltr"><<a href="mailto:lists@kavun.ch" target="_blank">lists@kavun.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Hi,<div>I am experiencing call drops when using TLS. Calls terminates with a 408 <span style="font-family:Menlo;font-size:11px">RECOVERY_ON_TIMER_EXPIRE. </span></div><div><font face="Menlo"><span style="font-size:11px">this seems to only happen when I use options-ping. It never occurred when I disabled it on the profile, however I need it and had to reenable it. I think that it may also be only happening on user accounts that have multiple devices registered.</span></font></div><div><font face="Menlo"><span style="font-size:11px"><br></span></font></div><div><font face="Menlo"><span style="font-size:11px">This erratic behavior of FreeSWITCH over TLS is very disconcerting and none of my messages seem to have created any traction so far.</span></font></div><div><font face="Menlo"><span style="font-size:11px"><br></span></font></div><div><font face="Menlo"><span style="font-size:11px">The Wiki page about TLS is outdated and contains wrong information. For instance, it says all the RTP and signaling will be encapsulated over the TLS port if TLS is used and this is absolutely incorrect. RTP will remain negotiated over UDP and will have to be separately encrypted. SSLv23 is deprecated now and so TLS v1.1 or v1.2 are the only viable options.</span></font></div><div><font face="Menlo"><span style="font-size:11px"><br></span></font></div><div><font face="Menlo"><span style="font-size:11px">Now. I think it would benefit everyone if those among you that have had a successful experience with FS and TLS could share some of their best practices.</span></font></div><div><font face="Menlo"><span style="font-size:11px"><br></span></font></div><div><font face="Menlo"><span style="font-size:11px">So far, I have been successful at making and receiving calls over TLS and SRTP. Lately I've been experiencing call drops with the 408 RECOVERY_ON_TIMER_EXPIRE. In addition to that, the call setup process will randomly fail because my clients experience an SSL error while sending the auth packet after receiving the 407.</span></font></div><div><font face="Menlo"><span style="font-size:11px">Does this speak to anyone?</span></font></div><div><font face="Menlo"><span style="font-size:11px"><br></span></font></div><div><font face="Menlo"><span style="font-size:11px">Cheers</span></font></div></div><br>_________________________________________________________________________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" target="_blank">http://www.freeswitchsolutions.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" target="_blank">http://confluence.freeswitch.org</a><br>
<a href="http://www.cluecon.com" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr">
<p><font face="courier new, monospace"><b><i><font size="4">Brian West</font></i></b><br><span style="font-size:x-small"><a href="mailto:brian@freeswitch.org" target="_blank">brian@freeswitch.org</a></span></font></p>
<p><font size="1" face="courier new, monospace"><img src="http://billing.freeswitch.org/templates/default/img/whmcslogo.png"><br></font></p><p><font face="courier new, monospace"><b><i>Twitter: @FreeSWITCH , @briankwest</i></b><br><a href="http://www.freeswitchbook.com" target="_blank">http://www.freeswitchbook.com</a><br><a href="http://www.freeswitchcookbook.com" target="_blank">http://www.freeswitchcookbook.com</a></font></p>
<p><font face="courier new, monospace"><b>T:</b>+19184209001 | <b>F:</b>+19184209002 | <b>M:</b>+1918424WEST (9378)<br><b>iNUM:</b>+883 5100 1420 9001 | <b>ISN:</b>410*543 | <b>Skype:</b>briankwest</font></p></div></div>
</div>