openssl 不支持所有 ssl 版本并且 Net::SIP::SocketPool 不支持所有 ssl 版本
openssl not support all ssl version and Net::SIP::SocketPool not support all ssl version
经过多日的搜索。
原来我的问题是 openssl 不支持旧版本
以前我是这样设置命令的
openssl s_client -connect xxx.xxx.xxx.xxx:5061
error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1947:
但是在搜索之后我发现我的 openssl 。旧版本不支持-tls1
自从我这样输入命令
我有一个好成绩
openssl s_client -showcerts -connect xxx.xxx.xxx.xxx:5061 -tls1
如何让 openssl 接受所有版本的 tls
现在我得到了 ip 的指纹,可以在 Net::SIP
中使用它
my $ua = Net::SIP::Simple->new(
registrar => "sips:$host",
domain => $host,
from => $user,
auth => [ $user,$pass ],
tls => {
SSL_fingerprint => "E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A0",
}
我收到此错误,表明 Net::SIP::SocketPool
它不能支持所有版本 ssl
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
这是调试
1654098685.5654 DEBUG:<90> Net::SIP::Leg::new[155]: created socket on 37.49.230.178:5061
1654098685.5908 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=3 rw(0) sock=37.49.230.178:5061
1654098685.5913 DEBUG:<10> Net::SIP::Endpoint::new_request[156]: create new request for REGISTER within new call d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Net::SIP::Endpoint::new_request[164]: request=REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5919 DEBUG:<50> Call-id: d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Contact: 123wqe <sips:123wqe@37.49.230.178>
1654098685.5919 DEBUG:<50> Cseq: 1 REGISTER
1654098685.5919 DEBUG:<50> Expires: 40000
1654098685.5919 DEBUG:<50> From: 123wqe <sips:123wqe@124.219.75.161:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5919 DEBUG:<50> Max-forwards: 70
1654098685.5919 DEBUG:<50> To: 123wqe <sips:123wqe@124.219.75.161:5061>
1654098685.5919 DEBUG:<50> Content-length: 0
1654098685.5919 DEBUG:<50>
1654098685.5919 DEBUG:<50>
1654098685.5923 DEBUG:<50> Net::SIP::Dispatcher::resolve_uri[777]: setting dst_addr+leg to 124.219.75.161:5061 from outgoing_proxy
1654098685.5925 DEBUG:<50> Net::SIP::Dispatcher::__deliver[656]: deliver through leg Net::SIP::Leg tls:37.49.230.178:5061 @124.219.75.161:5061
1654098685.5933 DEBUG:<2> Net::SIP::Leg::deliver[426]: delivery with tls from 37.49.230.178:5061 to 124.219.75.161:5061:
1654098685.5933 DEBUG:<2> REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5933 DEBUG:<2> Via: SIP/2.0/TLS 37.49.230.178;branch=z9hG4bK00e9f4efe35faaa9bdbb57f0567e0aa6da27d1fe67b18e42d2d556d9e98c1b
1654098685.5933 DEBUG:<2> Call-id: d17085871842c89df197179aff244846
1654098685.5933 DEBUG:<2> Contact: 123wqe <sips:123wqe@37.49.230.178>
1654098685.5933 DEBUG:<2> Cseq: 1 REGISTER
1654098685.5933 DEBUG:<2> Expires: 40000
1654098685.5933 DEBUG:<2> From: 123wqe <sips:123wqe@124.219.75.161:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5933 DEBUG:<2> Max-forwards: 70
1654098685.5933 DEBUG:<2> To: 123wqe <sips:123wqe@124.219.75.161:5061>
1654098685.5933 DEBUG:<2> Content-length: 0
1654098685.5933 DEBUG:<2>
1654098685.5933 DEBUG:<2>
1654098685.5937 DEBUG:<40> Net::SIP::SocketPool::sendto[259]: need new tcp socket to 124.219.75.161:5061
1654098685.5943 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[312]: timeout sockets
1654098685.5944 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[330]: timeout sockets - need timer
1654098685.5946 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(1) sock=37.49.230.178:39921
1654098685.8318 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=1
1654098685.8320 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[91]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) disable rw(1) fn=4 sock=37.49.230.178:39921
1654098685.8321 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[694]: upgrade to SSL client
1654098685.8337 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[716]: TLS connect - want read
1654098685.8338 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(0) sock=37.49.230.178:39921
1654098686.0719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=0
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
1654098686.0726 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=4 sock=37.49.230.178:39921
1654098686.5669 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(disp_expire) 1654098686.56348 repeat=<undef>
1654098686.5670 DEBUG:<50> Net::SIP::Dispatcher::queue_expire[576]: next expire <undef>
1654098693.5719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(socketpool-timeout) 1654098693.56348 repeat=8
1654098693.5723 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[340]: timer cancel
E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A01654098725.6161 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=3 sock=37.49.230.178:5061
您系统上的默认安全级别可能设置为 2,因此默认情况下禁用旧的 TLS 版本。但是可以禁用它:
my $ua = Net::SIP::Simple->new(
....
tls => {
SSL_fingerprint => ...,
SSL_cipher_list => 'DEFAULT:@SECLEVEL=1', # allow more ciphers
SSL_version => 'TLSv1', # enforce TLSv1
}
);
经过多日的搜索。 原来我的问题是 openssl 不支持旧版本
以前我是这样设置命令的
openssl s_client -connect xxx.xxx.xxx.xxx:5061
error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1947:
但是在搜索之后我发现我的 openssl 。旧版本不支持-tls1
自从我这样输入命令 我有一个好成绩
openssl s_client -showcerts -connect xxx.xxx.xxx.xxx:5061 -tls1
如何让 openssl 接受所有版本的 tls
现在我得到了 ip 的指纹,可以在 Net::SIP
my $ua = Net::SIP::Simple->new(
registrar => "sips:$host",
domain => $host,
from => $user,
auth => [ $user,$pass ],
tls => {
SSL_fingerprint => "E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A0",
}
我收到此错误,表明 Net::SIP::SocketPool 它不能支持所有版本 ssl
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
这是调试
1654098685.5654 DEBUG:<90> Net::SIP::Leg::new[155]: created socket on 37.49.230.178:5061
1654098685.5908 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=3 rw(0) sock=37.49.230.178:5061
1654098685.5913 DEBUG:<10> Net::SIP::Endpoint::new_request[156]: create new request for REGISTER within new call d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Net::SIP::Endpoint::new_request[164]: request=REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5919 DEBUG:<50> Call-id: d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Contact: 123wqe <sips:123wqe@37.49.230.178>
1654098685.5919 DEBUG:<50> Cseq: 1 REGISTER
1654098685.5919 DEBUG:<50> Expires: 40000
1654098685.5919 DEBUG:<50> From: 123wqe <sips:123wqe@124.219.75.161:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5919 DEBUG:<50> Max-forwards: 70
1654098685.5919 DEBUG:<50> To: 123wqe <sips:123wqe@124.219.75.161:5061>
1654098685.5919 DEBUG:<50> Content-length: 0
1654098685.5919 DEBUG:<50>
1654098685.5919 DEBUG:<50>
1654098685.5923 DEBUG:<50> Net::SIP::Dispatcher::resolve_uri[777]: setting dst_addr+leg to 124.219.75.161:5061 from outgoing_proxy
1654098685.5925 DEBUG:<50> Net::SIP::Dispatcher::__deliver[656]: deliver through leg Net::SIP::Leg tls:37.49.230.178:5061 @124.219.75.161:5061
1654098685.5933 DEBUG:<2> Net::SIP::Leg::deliver[426]: delivery with tls from 37.49.230.178:5061 to 124.219.75.161:5061:
1654098685.5933 DEBUG:<2> REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5933 DEBUG:<2> Via: SIP/2.0/TLS 37.49.230.178;branch=z9hG4bK00e9f4efe35faaa9bdbb57f0567e0aa6da27d1fe67b18e42d2d556d9e98c1b
1654098685.5933 DEBUG:<2> Call-id: d17085871842c89df197179aff244846
1654098685.5933 DEBUG:<2> Contact: 123wqe <sips:123wqe@37.49.230.178>
1654098685.5933 DEBUG:<2> Cseq: 1 REGISTER
1654098685.5933 DEBUG:<2> Expires: 40000
1654098685.5933 DEBUG:<2> From: 123wqe <sips:123wqe@124.219.75.161:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5933 DEBUG:<2> Max-forwards: 70
1654098685.5933 DEBUG:<2> To: 123wqe <sips:123wqe@124.219.75.161:5061>
1654098685.5933 DEBUG:<2> Content-length: 0
1654098685.5933 DEBUG:<2>
1654098685.5933 DEBUG:<2>
1654098685.5937 DEBUG:<40> Net::SIP::SocketPool::sendto[259]: need new tcp socket to 124.219.75.161:5061
1654098685.5943 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[312]: timeout sockets
1654098685.5944 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[330]: timeout sockets - need timer
1654098685.5946 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(1) sock=37.49.230.178:39921
1654098685.8318 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=1
1654098685.8320 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[91]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) disable rw(1) fn=4 sock=37.49.230.178:39921
1654098685.8321 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[694]: upgrade to SSL client
1654098685.8337 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[716]: TLS connect - want read
1654098685.8338 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(0) sock=37.49.230.178:39921
1654098686.0719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=0
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
1654098686.0726 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=4 sock=37.49.230.178:39921
1654098686.5669 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(disp_expire) 1654098686.56348 repeat=<undef>
1654098686.5670 DEBUG:<50> Net::SIP::Dispatcher::queue_expire[576]: next expire <undef>
1654098693.5719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(socketpool-timeout) 1654098693.56348 repeat=8
1654098693.5723 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[340]: timer cancel
E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A01654098725.6161 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=3 sock=37.49.230.178:5061
您系统上的默认安全级别可能设置为 2,因此默认情况下禁用旧的 TLS 版本。但是可以禁用它:
my $ua = Net::SIP::Simple->new(
....
tls => {
SSL_fingerprint => ...,
SSL_cipher_list => 'DEFAULT:@SECLEVEL=1', # allow more ciphers
SSL_version => 'TLSv1', # enforce TLSv1
}
);