<div dir="ltr">Hi Mitch,<div><br></div><div>I'm using freeswitch server and freeswitch client. So they should be able to do <span style="font-size:12.8px">sslv23.</span></div><div><br></div><div>Anyway, after I change TLS, I got the same problem. I think it could be my keys doesn't match. There is a comment below from mail list which I don't understand.</div><div><br></div><div>"<span style="color:rgb(0,0,0);font-family:verdana,geneva,helvetica,arial,sans-serif;font-size:13.44px">cat the key and the cert into agent.pem and the chain cert into cafile.pem and fire it up"</span></div><div><span style="color:rgb(0,0,0);font-family:verdana,geneva,helvetica,arial,sans-serif;font-size:13.44px"><br></span></div><div><span style="color:rgb(0,0,0);font-family:verdana,geneva,helvetica,arial,sans-serif;font-size:13.44px">What is this mean? Should I go to /usr/local/freeswitch/conf/ssl/CA, and do "cat </span><font color="#000000" face="verdana, geneva, helvetica, arial, sans-serif"><span style="font-size:13.44px">cacert.pem cakey.pem </span></font><span style="color:rgb(0,0,0);font-family:verdana,geneva,helvetica,arial,sans-serif;font-size:13.44px">/usr/local/freeswitch/conf/ssl/agent.pem"? But this still fails.</span></div><div><span style="color:rgb(0,0,0);font-family:verdana,geneva,helvetica,arial,sans-serif;font-size:13.44px"><br></span></div><div><font color="#000000" face="verdana, geneva, helvetica, arial, sans-serif"><span style="font-size:13.44px">Please help.</span></font></div><div><font color="#000000" face="verdana, geneva, helvetica, arial, sans-serif"><span style="font-size:13.44px"><br></span></font></div><div><font color="#000000" face="verdana, geneva, helvetica, arial, sans-serif"><span style="font-size:13.44px">Thanks in advance.</span></font></div><div><font color="#000000" face="verdana, geneva, helvetica, arial, sans-serif"><span style="font-size:13.44px">Claire</span></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Dec 3, 2016 at 12:48 PM, <span dir="ltr"><<a href="mailto:freeswitch-users-request@lists.freeswitch.org" target="_blank">freeswitch-users-request@lists.freeswitch.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send FreeSWITCH-users mailing list submissions to<br>
<a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.<wbr>freeswitch.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:freeswitch-users-request@lists.freeswitch.org">freeswitch-users-request@<wbr>lists.freeswitch.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:freeswitch-users-owner@lists.freeswitch.org">freeswitch-users-owner@lists.<wbr>freeswitch.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of FreeSWITCH-users digest..."<br>
<br>Today's Topics:<br>
<br>
1. Re: SIP TLS failed with FSClient 1.2.3.5 (Mitch Capper)<br>
<br><br>---------- Forwarded message ----------<br>From: Mitch Capper <<a href="mailto:mitch.capper@gmail.com">mitch.capper@gmail.com</a>><br>To: FreeSWITCH Users Help <<a href="mailto:freeswitch-users@lists.freeswitch.org">freeswitch-users@lists.freeswitch.org</a>><br>Cc: <br>Date: Sat, 3 Dec 2016 09:48:06 -0800<br>Subject: Re: [Freeswitch-users] SIP TLS failed with FSClient 1.2.3.5<br><div dir="ltr">sslv23 is not supported on most linux servers now a days, so you most likely need to be using tls instead (under FSClient option).<div><br></div><div>~Mitch</div></div><div class="gmail_extra"><br clear="all"><div><div class="m_-2650092131741182948gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><br><div>~mitch</div></div></div></div>
<br><div class="gmail_quote">On Sat, Dec 3, 2016 at 7:08 AM, Xiyu Zhao <span dir="ltr"><<a href="mailto:claire.zxy@gmail.com" target="_blank">claire.zxy@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p class="MsoNormal" style="font-size:12.8px">Hi All,<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">Please help me when you get a chance.<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">I’ve follow the instruction link below to configure TLS in my freeswitch server, but it failed with my FSClient 1.2.3.5. I copied cafile.pem from my freeswitch to my windows desktop and gived the right directory under “TLS Certificate Directory” shown as below screenshot (also attached). <u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"><a href="https://freeswitch.org/confluence/display/FREESWITCH/SIP+TLS" target="_blank">https://freeswitch.org/conflue<wbr>nce/display/FREESWITCH/SIP+TLS</a><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">But I still cannot log in with tls, console log output, and configuration files are below. Kindly take a look and let me know if additional info is needed.</p><div><br></div><div><span style="font-size:12.8px">I used ./gentls_cert setup -cn 52.35.22.204 -alt DNS: 52.35.22.204 -org 52.35.22.204.</span><br></div><div><span style="font-size:12.8px"><br></span></div><div><p class="MsoNormal" style="font-size:12.8px">Below is the view of one cert:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">root@ip-172-31-28-201:/usr/loc<wbr>al/freeswitch/conf/ssl# openssl x509 -noout -inform pem -text -in /usr/local/freeswitch/conf/ssl<wbr>/agent.pem<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">Certificate:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Data:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Version: 3 (0x2)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Serial Number:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> be:37:19:a3:98:6e:82:19<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Signature Algorithm: sha1WithRSAEncryption<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;background-color:yellow">Issuer: CN=52.35.22.204, O=52.35.22.204</span><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Validity<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Not Before: Nov 12 21:20:24 2016 GMT<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Not After : Nov 11 21:20:24 2022 GMT<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;background-color:yellow">Subject: CN=52.35.22.204, O=52.35.22.204</span><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Subject Public Key Info:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Public Key Algorithm: rsaEncryption<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Public-Key: (2048 bit)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Modulus:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 00:bd:01:6a:df:ae:35:f2:82:1f:<wbr>ca:af:cf:7b:97:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 2f:ec:a5:2d:ec:7c:3d:0a:c3:fb:<wbr>e2:17:d3:78:b6:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> dc:c6:60:b6:14:eb:6e:5e:96:c2:<wbr>ef:bf:d8:9f:a7:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 19:a1:36:a5:82:37:5b:8b:0a:5d:<wbr>95:00:9c:11:f0:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 90:77:e6:34:f1:36:b3:c9:62:8e:<wbr>82:28:d3:41:fd:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 0a:3e:67:32:57:c2:52:71:8a:9b:<wbr>99:4c:e0:4b:e4:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 15:e0:53:0c:46:d0:98:1a:05:8e:<wbr>79:f4:c6:d4:0b:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> b8:16:ea:24:80:1c:67:67:12:16:<wbr>c4:29:f1:d5:81:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> ab:4b:b6:a4:b7:f7:a7:ad:11:34:<wbr>ef:9c:70:dc:a9:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 4a:da:9f:dd:14:71:7e:7d:b1:91:<wbr>ab:f6:fb:f3:fd:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> a0:9f:56:ab:89:eb:91:fd:1e:74:<wbr>d6:55:a0:bb:6e:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 1d:94:1d:08:c7:26:2d:85:45:46:<wbr>b4:44:84:e5:ed:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 68:83:e6:25:2b:fd:82:d5:7c:67:<wbr>ce:32:d9:15:d1:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> de:00:85:62:d7:f7:ad:a8:c2:17:<wbr>a1:55:c3:64:08:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> a3:9e:d8:6d:55:f7:4d:a9:4f:73:<wbr>75:31:74:3c:21:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 3b:1e:27:6b:fb:3c:40:49:80:55:<wbr>0c:dd:90:fe:4c:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> da:8c:a4:10:d8:bf:1b:12:15:56:<wbr>81:0a:15:64:04:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> cc:d3<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Exponent: 65537 (0x10001)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> X509v3 extensions:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Netscape Comment:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> FS Server Cert<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> X509v3 Basic Constraints:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> CA:FALSE<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> X509v3 Subject Key Identifier:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 74:5E:4B:09:21:37:50:1F:BB:F1:<wbr>A8:D5:1D:6D:D7:36:D9:D5:EE:AD<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> X509v3 Authority Key Identifier:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> keyid:0B:51:AF:BF:BF:8F:2A:94:<wbr>8A:18:B6:70:4F:9A:0B:FA:EB:4B:<wbr>49:FC<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> DirName:/CN=<a href="http://52.35.22.204/O=52.35.22.204" target="_blank">52.35.22.204/O=52.<wbr>35.22.204</a><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> serial:F5:5B:BD:AA:25:4E:16:0B<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> X509v3 Subject Alternative Name:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;background-color:yellow">DNS:52.35.22.2<wbr>04</span><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Netscape Cert Type:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> SSL Server<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> X509v3 Extended Key Usage:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> TLS Web Server Authentication<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Signature Algorithm: sha1WithRSAEncryption<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> e7:35:1e:9a:70:6c:1c:61:2f:c8:<wbr>50:8f:5d:a8:7d:73:cc:a4:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> c0:7a:54:02:65:91:49:82:0b:86:<wbr>7f:45:44:91:b2:14:32:c3:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> d6:50:5c:41:28:f3:80:ca:ea:2b:<wbr>c3:2c:d7:d8:09:90:11:8b:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> fe:4e:8d:35:4f:ca:ec:cb:6b:05:<wbr>ee:63:e3:17:17:4f:be:bb:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> f7:85:f4:4a:3a:34:b6:4f:c1:5c:<wbr>d7:07:7e:f5:d5:a5:ae:40:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 3c:25:2a:70:24:6d:0e:3c:e4:e1:<wbr>64:43:7a:6e:10:ad:a2:9e:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 38:d5:e3:91:de:4f:e5:60:27:44:<wbr>58:7c:2a:42:2a:f2:6f:19:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 60:d5:01:48:01:39:1a:18:30:3a:<wbr>f5:e7:d8:fd:c6:00:22:a4:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> f7:4b:44:c9:c7:4d:02:2a:d3:d4:<wbr>1b:f2:e6:35:63:7b:c9:0d:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 69:2c:38:7f:04:e1:5e:9a:0c:13:<wbr>21:50:d5:78:3b:22:f4:11:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> f4:09:73:e8:58:c5:c4:ba:33:28:<wbr>88:cc:28:c7:7b:1b:73:11:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 06:15:ad:29:1a:25:47:0c:91:be:<wbr>6d:20:7d:88:6e:6a:a1:53:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> a6:95:84:cc:d3:bc:10:18:e5:43:<wbr>fa:5c:96:c3:7b:ce:98:c0:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> d3:dc:81:8c:ea:85:83:69:39:63:<wbr>2e:fa:a1:03:0e:69:5e:be:<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> c4:52:8c:25<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> </p></div><div><span style="font-size:12.8px"><img src="cid:ii_158c5397b5f9ccb3" alt="Inline image 1" width="544" height="490"><br></span></div><div><span style="font-size:12.8px"><br></span></div><div><p class="MsoNormal" style="font-size:12.8px"><b>Console output:<u></u><u></u></b></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">tport.c:2749 tport_wakeup_pri() tport_wakeup_pri(0x7fcee805077<wbr>0): events IN<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">tport.c:862 tport_alloc_secondary() tport_alloc_secondary(0x7fcee8<wbr>050770): new secondary tport 0x7fcee8252ea0<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">tport_type_tcp.c:203 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7fc<wbr>ee8252ea0): Setting TCP_KEEPIDLE to 30<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">tport_type_tcp.c:209 tport_tcp_init_secondary() tport_tcp_init_secondary(0x7fc<wbr>ee8252ea0): Setting TCP_KEEPINTVL to 30<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">tport_type_tls.c:610 tport_tls_accept() tport_tls_accept(0x7fcee8252ea<wbr>0): new connection from tls/<a href="http://50.187.205.251:56612/sips" target="_blank">50.187.205.251:56612/sips</a><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;background-color:yellow">tport_tls.c:955 tls_connect() tls_connect(0x7fcee8252ea0): events NEGOTIATING</span><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;background-color:yellow">tport_tls.c:1044 tls_connect() tls_connect(0x7fcee8252ea0): TLS setup failed (error:00000001:lib(0):func(0)<wbr>:reason(1))</span><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">tport.c:2090 tport_close() tport_close(0x7fcee8252ea0): tls/<a href="http://50.187.205.251:56612/sips" target="_blank">50.187.205.251:56612/sips</a><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">tport.c:2263 tport_set_secondary_timer() tport(0x7fcee8252ea0): set timer at 0 ms because zap<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">freeswitch@ip-172-31-28-201> sofia status<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> Name Type <wbr> Data State<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">==============================<wbr>==============================<wbr>==============================<wbr>=======<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> external-ipv6 profile <a style="color:rgb(34,34,34)">sip:<wbr>mod_sofia@[::1]:5080</a> RUNNING (0)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> 172.31.28.201 alias <wbr> internal ALIASED<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> external profile <a style="color:rgb(34,34,34)">sip:mod_sof<wbr>ia@52.35.22.204:5080</a> RUNNING (0)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> external::<a href="http://example.com/" target="_blank">example.com</a> gateway <a style="color:rgb(34,34,34)">sip<wbr>:joeuser@example.com</a> NOREG<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> internal-ipv6 profile <a style="color:rgb(34,34,34)">sip:<wbr>mod_sofia@[::1]:5060</a> RUNNING (0)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> internal-ipv6 profile <a style="color:rgb(34,34,34)">sip:<wbr>mod_sofia@[::1]:5061</a> RUNNING (0) (TLS)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> internal profile <a style="color:rgb(34,34,34)">sip:mod_sof<wbr>ia@52.35.22.204:5060</a> RUNNING (0)<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <span style="background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial;background-color:yellow">internal profile <a style="color:rgb(34,34,34)">sip:mod_sof<wbr>ia@52.35.22.204:5061</a> RUNNING (0) (TLS)</span><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">==============================<wbr>==============================<wbr>==============================<wbr>=======<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">4 profiles 1 alias<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"><b>Under vars.xml:<u></u><u></u></b></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="sip_tls_version=sslv23"/<wbr>><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!--<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> TLS cipher suite: default ALL:!ADH:!LOW:!EXP:!MD5:@STREN<wbr>GTH<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> The actual ciphers supported will change per platform.<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> openssl ciphers -v 'ALL:!ADH:!LOW:!EXP:!MD5:@STRE<wbr>NGTH'<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> Will show you what is available in your verion of openssl.<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH<wbr>:!LOW:!EXP:!MD5:@STRENGTH"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Internal SIP Profile --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="internal_auth_calls=true<wbr>"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="internal_sip_port=5060"/<wbr>><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="internal_tls_port=5061"/<wbr>><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="internal_ssl_enable=true<wbr>"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <X-PRE-PROCESS cmd="set" data="internal_ssl_dir=/usr/lo<wbr>cal/freeswitch/conf/ssl"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"><b>Under internel.xml: <u></u><u></u></b></p><p class="MsoNormal" style="font-size:12.8px"> <u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- TLS: disabled by default, set to "true" to enable --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls" value="true"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Set to true to not bind on the normal sip-port but only on the TLS port --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-only" value="false"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- additional bind parameters for TLS --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-bind-params" value="transport=tls"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Port to listen on for TLS requests. (5061 will be used if unspecified) --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-sip-port" value="$${internal_tls_port}"/<wbr>><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Location of the agent.pem and cafile.pem ssl certificates (needed for TLS server) --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!--<param name="tls-cert-dir" value=""/>--><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Optionally set the passphrase password used by openSSL to encrypt/decrypt TLS private key files --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-passphrase" value=""/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Verify the date on TLS certificates --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-verify-date" value="true"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- TLS verify policy, when registering/inviting gateways with other servers (outbound) or handling inbound registration/invite requests how should we verify their certificate --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- set to 'in' to only verify incoming connections, 'out' to only verify outgoing connections, 'all' to verify all connections, also 'subjects_in', 'subjects_out' and 'subjects_all' for subject validation. Multiple policies can be$<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-verify-policy" value="in"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- Certificate max verify depth to use for validating peer TLS certificates when the verify policy is not none --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-verify-depth" value="2"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- If the tls-verify-policy is set to subjects_all or subjects_in this sets which subjects are allowed, multiple subjects can be split with a '|' pipe --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-verify-in-subjects" value=""/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- TLS version default: tlsv1,tlsv1.1,tlsv1.2 --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-version" value="$${sip_tls_version}"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px"> <!-- TLS ciphers default: ALL:!ADH:!LOW:!EXP:!MD5:@STREN<wbr>GTH --><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"> <param name="tls-ciphers" value="$${sip_tls_ciphers}"/><u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px"><u></u> <u></u></p><p class="MsoNormal" style="font-size:12.8px">Thanks,<u></u><u></u></p><p class="MsoNormal" style="font-size:12.8px">Clarie</p></div><span class="m_-2650092131741182948HOEnZb"><font color="#888888">-- <br><div class="m_-2650092131741182948m_-580172835375386884gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="georgia, serif" style="color:rgb(136,136,136);font-size:14px;background-color:rgb(255,255,255)"><font style="color:rgb(153,153,153)">Xiyu Zhao</font></font><div><font color="#999999" face="georgia, serif"><br></font><div style="font-size:14px;font-family:georgia,serif;background-color:rgb(255,255,255)"><font color="#999999">Northeastern University</font></div><div style="font-size:14px;font-family:georgia,serif;background-color:rgb(255,255,255)"><font color="#999999">College of Engineering</font></div><font face="georgia, serif" style="color:rgb(136,136,136);font-size:14px;background-color:rgb(255,255,255)"><div><span style="color:rgb(153,153,153)">Telecommunication Systems Management </span><span style="color:rgb(153,153,153)"> </span><span style="color:rgb(153,153,153)"> </span></div><font color="#999999">Email <a href="mailto:claire.zxy@gmail.com" target="_blank">claire.zxy@gmail.com</a> <br></font></font></div></div></div></div></div></div></div>
</font></span></div><span class="m_-2650092131741182948HOEnZb"><font color="#888888"><div hspace="streak-pt-mark" style="max-height:1px"><img style="width:0px;max-height:0px;overflow:hidden" src="https://mailfoogae.appspot.com/t?sender=aY2xhaXJlLnp4eUBnbWFpbC5jb20%3D&type=zerocontent&guid=96795b28-414b-4256-bcda-4448b22a4880"><font color="#ffffff" size="1">ᐧ</font></div>
</font></span><br>______________________________<wbr>______________________________<wbr>_____________<br>
Professional FreeSWITCH Consulting Services:<br>
<a href="mailto:consulting@freeswitch.org" target="_blank">consulting@freeswitch.org</a><br>
<a href="http://www.freeswitchsolutions.com" rel="noreferrer" target="_blank">http://www.freeswitchsolutions<wbr>.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<a href="http://confluence.freeswitch.org" rel="noreferrer" target="_blank">http://confluence.freeswitch.o<wbr>rg</a><br>
<a href="http://www.cluecon.com" rel="noreferrer" target="_blank">http://www.cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswi<wbr>tch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/ma<wbr>ilman/listinfo/freeswitch-user<wbr>s</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.frees<wbr>witch.org/mailman/options/<wbr>freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br></blockquote></div><br></div>
<br>______________________________<wbr>_________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.<wbr>freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/<wbr>mailman/listinfo/freeswitch-<wbr>users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.<wbr>freeswitch.org/mailman/<wbr>options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" rel="noreferrer" target="_blank">http://www.freeswitch.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font face="georgia, serif" style="color:rgb(136,136,136);font-size:14px;background-color:rgb(255,255,255)"><font style="color:rgb(153,153,153)">Xiyu Zhao</font></font><div><font color="#999999" face="georgia, serif"><br></font><div style="font-size:14px;font-family:georgia,serif;background-color:rgb(255,255,255)"><font color="#999999">Northeastern University</font></div><div style="font-size:14px;font-family:georgia,serif;background-color:rgb(255,255,255)"><font color="#999999">College of Engineering</font></div><font face="georgia, serif" style="color:rgb(136,136,136);font-size:14px;background-color:rgb(255,255,255)"><div><span style="color:rgb(153,153,153)">Telecommunication Systems Management </span><span style="color:rgb(153,153,153)"> </span><span style="color:rgb(153,153,153)"> </span></div><font color="#999999">Email <a href="mailto:claire.zxy@gmail.com" target="_blank">claire.zxy@gmail.com</a> <br>Tel +86- 188-1067-7769</font></font></div><div><font face="georgia, serif" style="color:rgb(136,136,136);font-size:14px;background-color:rgb(255,255,255)"><font color="#999999"> +1-781-526-0715<br><br></font></font></div></div></div></div></div></div></div>
</div>