[Freeswitch-users] wss conection closed

Javier Menendez menendez.garcia at gmail.com
Fri Jul 11 14:37:52 MSD 2014


Ok, I think I know the reason but not how to fix it. Looks like chrome 35
is using tlsv1.2, and previous versions are using tlsv1.2. My freeswitch is
using v1.1 and I think that may be the reason, the problem now is I am not
able to configure it to use version 1.2 I tried changing these params in
the sip profile but it keeps using the old version
 <param name="tls-version" value="tlsv1.2"/>
 <param name="sip-tls-version" value="tlsv1.2"/>





On Fri, Jul 11, 2014 at 10:08 AM, Javier Menendez <menendez.garcia at gmail.com
> wrote:

> wss endpoint looks fine,I have included the cert chain,and the test looks
> fine
>
> Result  Check  Information     Valid To  07 Jun 2016 ( 697 days )
> Weak Key <http://certlogik.com/ssl-checker/#>  Does not use a key on our
> blacklist ( this is good )     Key-Size
> <http://certlogik.com/ssl-checker/#>  2048    Signature Algorithm  Strong
> (sha256WithRSAEncryption)    Site Listed  Yes (website:myhost is listed
> in the certifcate)    Trusted  Yes (certificate verified to a trusted
> root)
> Is there any new config param  from 1.4 to 1.5 regarding wss? I know there
> were issues with browsers and I am using same config files from 1.4 in
> 1.5...may be?
>
>
> On Thu, Jul 10, 2014 at 6:53 PM, Ciprian Dosoftei <
> ciprian.dosoftei at gmail.com> wrote:
>
>> Then it's a server side thing issue. Have you validated the WSS endpoint
>> here: http://www.sslshopper.com/ssl-checker.html?
>>
>> It may be able to point of some soft errors
>>
>> -Ciprian
>>
>>
>> On 10 July 2014 17:48, Javier Menendez <menendez.garcia at gmail.com> wrote:
>>
>>> You are right, nothing relevant, the socket is closed before.
>>>
>>>
>>> I think it must be something related with chrome, in latest version 35
>>> it is not working but in version 26 it works.. but webrtc.freeswitch.org
>>> works with version 35! what am I missing?
>>>
>>>
>>> On Thu, Jul 10, 2014 at 6:28 PM, Ciprian Dosoftei <
>>> ciprian.dosoftei at gmail.com> wrote:
>>>
>>>> You may be able to pull more info from the connection's entry on the
>>>> Network tab of the developer's console. In normal circumstances, it should
>>>> show a HTTP response code of 101 and a negotiation response like:
>>>>
>>>> Connection:Upgrade
>>>> Sec-WebSocket-Accept:oVcPX2zhUVgae46nZWQT3WyOOQ0=
>>>> Upgrade:websocket
>>>>
>>>> I bet the latter is not coming through since the connection is reset.
>>>>
>>>> If you cannot get any relevant info from this angle, I think a packet
>>>> capture is the next step.
>>>>
>>>> -C
>>>>
>>>>
>>>>
>>>>
>>>> On 10 July 2014 17:07, Javier Menendez <menendez.garcia at gmail.com>
>>>> wrote:
>>>>
>>>>> Thanks ciprian,
>>>>> I am trying to debug this with chrome, I tryed to make a raw websocket
>>>>> connection
>>>>>  conn = new WebSocket("wss://myhost:10081")
>>>>>
>>>>> and I got a readyState 3. that's all I can debug :/
>>>>>
>>>>> If I access to https://myhost:10081/ it says verified, and its
>>>>> green...
>>>>>
>>>>>
>>>>> On Thu, Jul 10, 2014 at 5:40 PM, Ciprian Dosoftei <
>>>>> ciprian.dosoftei at gmail.com> wrote:
>>>>>
>>>>>> Javier,
>>>>>>
>>>>>> It looks like the client is resetting the connection, it may after
>>>>>> all be a SSL issue.
>>>>>>
>>>>>> Best way to start debugging is to pop up the developer console (I use
>>>>>> Chrome and it never disappoints me when it comes down to tracking down
>>>>>> issues) and see what's unusual with that WSS connection.
>>>>>>
>>>>>> -Ciprian
>>>>>>
>>>>>>
>>>>>> On 10 July 2014 12:27, Javier Menendez <menendez.garcia at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am trying to get the wss connection work, tried everything and
>>>>>>> still doesn't work, I don't think it is a certificate problem because if I
>>>>>>> try this manually:
>>>>>>>
>>>>>>> curl -v https://myhost.com:10081/ -H "Upgrade: WebSocket" -H
>>>>>>> "Connection: Upgrade" -H "Sec-WebSocket-Protocol: sip" -H
>>>>>>> "Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==" -H "Sec-WebSocket-Version:
>>>>>>> 13"
>>>>>>> * About to connect() to myhost.com port 10081 (#0)
>>>>>>> *   Trying X.X.X.X... connected
>>>>>>> * Connected to myhost.com (X.X.X.X) port 10081 (#0)
>>>>>>> * successfully set certificate verify locations:
>>>>>>> *   CAfile: none
>>>>>>>   CApath: /etc/ssl/certs
>>>>>>> * SSLv3, TLS handshake, Client hello (1):
>>>>>>> * SSLv3, TLS handshake, Server hello (2):
>>>>>>> * SSLv3, TLS handshake, CERT (11):
>>>>>>> * SSLv3, TLS handshake, Server finished (14):
>>>>>>> * SSLv3, TLS handshake, Client key exchange (16):
>>>>>>> * SSLv3, TLS change cipher, Client hello (1):
>>>>>>> * SSLv3, TLS handshake, Finished (20):
>>>>>>> * SSLv3, TLS change cipher, Client hello (1):
>>>>>>> * SSLv3, TLS handshake, Finished (20):
>>>>>>> * SSL connection using AES256-SHA
>>>>>>> * Server certificate:
>>>>>>> *      subject: OU=Domain Control Validated; CN=myhost.com
>>>>>>> *      start date: 2014-06-16 10:09:42 GMT
>>>>>>> *      expire date: 2016-06-07 11:02:46 GMT
>>>>>>> *      subjectAltName: myhost.com matched
>>>>>>> *      issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.;
>>>>>>> OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure
>>>>>>> Certificate Authority - G2
>>>>>>> *      SSL certificate verify ok.
>>>>>>> > GET / HTTP/1.1
>>>>>>> > User-Agent: curl/7.21.0 (i486-pc-linux-gnu) libcurl/7.19.7
>>>>>>> OpenSSL/0.9.8o zlib/1.2.3.3 libidn/1.15
>>>>>>> > Host: myhost.com:10081
>>>>>>> > Accept: */*
>>>>>>> > Upgrade: WebSocket
>>>>>>> > Connection: Upgrade
>>>>>>> > Sec-WebSocket-Protocol: sip
>>>>>>> > Sec-WebSocket-Key: +LLGYSDSKelND6UVF9z71w==
>>>>>>> > Sec-WebSocket-Version: 13
>>>>>>> >
>>>>>>> < HTTP/1.1 101 Switching Protocols
>>>>>>> < Upgrade: websocket
>>>>>>> < Connection: Upgrade
>>>>>>> < Sec-WebSocket-Accept: CQsVOMdurBA
>>>>>>>
>>>>>>>
>>>>>>> so it seems to work, but if I try with jssip or sipml5 library I got
>>>>>>> this trace log and the socket gets disconnected within half second
>>>>>>>
>>>>>>> freeswitch at internal> tport.c:2749 tport_wakeup_pri()
>>>>>>> tport_wakeup_pri(0x7f2198004f20): events IN
>>>>>>> tport.c:862 tport_alloc_secondary()
>>>>>>> tport_alloc_secondary(0x7f2198004f20): new secondary tport 0x7f21980afb20
>>>>>>> tport.c:2640 tport_accept() tport_accept(0x7f21980afb20): new
>>>>>>> connection from wss/130.117.88.33:62056/sips
>>>>>>> tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN
>>>>>>> tport.c:2864 tport_recv_event() tport_recv_event(0x7f21980afb20)
>>>>>>> tport.c:2296 tport_set_secondary_timer() tport(0x7f21980afb20):
>>>>>>> reset timer
>>>>>>> tport.c:2773 tport_wakeup() tport_wakeup(0x7f21980afb20): events IN
>>>>>>> HUP ERR
>>>>>>> nta.c:2719 agent_tp_error() nta_agent: tport: Conexión
>>>>>>> reinicializada por la máquina remota
>>>>>>> tport.c:2090 tport_close() tport_close(0x7f21980afb20): wss/
>>>>>>> 130.117.88.33:62056/sips
>>>>>>>
>>>>>>> I am using last version from git and I also tried with 1.4 versions.
>>>>>>> I have accept-blind-auth and accept-blind-reg to true, any clue?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _________________________________________________________________________
>>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>>> consulting at freeswitch.org
>>>>>>> http://www.freeswitchsolutions.com
>>>>>>>
>>>>>>> 
>>>>>>> 
>>>>>>>
>>>>>>> Official FreeSWITCH Sites
>>>>>>> http://www.freeswitch.org
>>>>>>> http://wiki.freeswitch.org
>>>>>>> http://www.cluecon.com
>>>>>>>
>>>>>>> FreeSWITCH-users mailing list
>>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>>> UNSUBSCRIBE:
>>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>>> http://www.freeswitch.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best Regards,
>>>>>> Ciprian Dosoftei
>>>>>>
>>>>>> The information transmitted is intended only for the addressee and
>>>>>> may contain privileged and/or confidential material. If you are not the
>>>>>> intended recipient, kindly contact the sender and delete the message.
>>>>>>
>>>>>> Any disclosure, distribution or copying of this message is strictly
>>>>>> prohibited without the expressed permission of the sender.
>>>>>>
>>>>>>
>>>>>> _________________________________________________________________________
>>>>>> Professional FreeSWITCH Consulting Services:
>>>>>> consulting at freeswitch.org
>>>>>> http://www.freeswitchsolutions.com
>>>>>>
>>>>>> 
>>>>>> 
>>>>>>
>>>>>> Official FreeSWITCH Sites
>>>>>> http://www.freeswitch.org
>>>>>> http://wiki.freeswitch.org
>>>>>> http://www.cluecon.com
>>>>>>
>>>>>> FreeSWITCH-users mailing list
>>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>>> UNSUBSCRIBE:
>>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>>> http://www.freeswitch.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _________________________________________________________________________
>>>>> Professional FreeSWITCH Consulting Services:
>>>>> consulting at freeswitch.org
>>>>> http://www.freeswitchsolutions.com
>>>>>
>>>>> 
>>>>> 
>>>>>
>>>>> Official FreeSWITCH Sites
>>>>> http://www.freeswitch.org
>>>>> http://wiki.freeswitch.org
>>>>> http://www.cluecon.com
>>>>>
>>>>> FreeSWITCH-users mailing list
>>>>> FreeSWITCH-users at lists.freeswitch.org
>>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>>> UNSUBSCRIBE:
>>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>>> http://www.freeswitch.org
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Best Regards,
>>>> Ciprian Dosoftei
>>>>
>>>> The information transmitted is intended only for the addressee and may
>>>> contain privileged and/or confidential material. If you are not the
>>>> intended recipient, kindly contact the sender and delete the message.
>>>>
>>>> Any disclosure, distribution or copying of this message is strictly
>>>> prohibited without the expressed permission of the sender.
>>>>
>>>>
>>>> _________________________________________________________________________
>>>> Professional FreeSWITCH Consulting Services:
>>>> consulting at freeswitch.org
>>>> http://www.freeswitchsolutions.com
>>>>
>>>> 
>>>> 
>>>>
>>>> Official FreeSWITCH Sites
>>>> http://www.freeswitch.org
>>>> http://wiki.freeswitch.org
>>>> http://www.cluecon.com
>>>>
>>>> FreeSWITCH-users mailing list
>>>> FreeSWITCH-users at lists.freeswitch.org
>>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>>> UNSUBSCRIBE:
>>>> http://lists.freeswitch.org/mailman/options/freeswitch-users
>>>> http://www.freeswitch.org
>>>>
>>>>
>>>
>>> _________________________________________________________________________
>>> Professional FreeSWITCH Consulting Services:
>>> consulting at freeswitch.org
>>> http://www.freeswitchsolutions.com
>>>
>>> 
>>> 
>>>
>>> Official FreeSWITCH Sites
>>> http://www.freeswitch.org
>>> http://wiki.freeswitch.org
>>> http://www.cluecon.com
>>>
>>> FreeSWITCH-users mailing list
>>> FreeSWITCH-users at lists.freeswitch.org
>>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>>> http://www.freeswitch.org
>>>
>>>
>>
>>
>> --
>> Best Regards,
>> Ciprian Dosoftei
>>
>> The information transmitted is intended only for the addressee and may
>> contain privileged and/or confidential material. If you are not the
>> intended recipient, kindly contact the sender and delete the message.
>>
>> Any disclosure, distribution or copying of this message is strictly
>> prohibited without the expressed permission of the sender.
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> 
>> 
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://wiki.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140711/1ce8b135/attachment-0001.html 


Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users mailing list