当前位置: 文江博客话题详情

OpenSSL不支持所有SSL版本和NET :: SIP :: SocketPool不支持所有SSL版本

发布于 2025-02-03 12:04:55 字数 6596 浏览 3 评论 0原文

经过几天的漫长搜索。 事实证明,我的问题是openssl无法支持

以前用来设置这样的命令

openssl s_client -connect xxx.xxx.xxx.xxx:5061

error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1947:

的旧版本,但是在搜索后,我发现我的openssl。旧版本不支持-tls1,

因为当我键入这样的命令时 我有一个很好的结果,

 openssl s_client -showcerts -connect xxx.xxx.xxx.xxx:5061   -tls1

如何使OpenSSL接受

现在的所有版本的TL,我在net :: sip

 my $ua = Net::SIP::Simple->new(
  registrar => "sips:$host",
  domain =>  $host,
  from => $user,
  auth => [ $user,$pass ],
        tls => {
            SSL_fingerprint => "E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A0",
 }

我得到此错误,这表明net :: sip :: :: socketpool 它不能支持所有版本SSL,

1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

这是调试

1654098685.5654 DEBUG:<90> Net::SIP::Leg::new[155]: created socket on 37.49.230.178:5061
1654098685.5908 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=3 rw(0) sock=37.49.230.178:5061
1654098685.5913 DEBUG:<10> Net::SIP::Endpoint::new_request[156]: create new request for REGISTER within new call d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Net::SIP::Endpoint::new_request[164]: request=REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5919 DEBUG:<50>      Call-id: d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50>      Contact: 123wqe <sips:[email protected]>
1654098685.5919 DEBUG:<50>      Cseq: 1 REGISTER
1654098685.5919 DEBUG:<50>      Expires: 40000
1654098685.5919 DEBUG:<50>      From: 123wqe <sips:[email protected]:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5919 DEBUG:<50>      Max-forwards: 70
1654098685.5919 DEBUG:<50>      To: 123wqe <sips:[email protected]:5061>
1654098685.5919 DEBUG:<50>      Content-length: 0
1654098685.5919 DEBUG:<50>
1654098685.5919 DEBUG:<50>
1654098685.5923 DEBUG:<50> Net::SIP::Dispatcher::resolve_uri[777]: setting dst_addr+leg to 124.219.75.161:5061 from outgoing_proxy
1654098685.5925 DEBUG:<50> Net::SIP::Dispatcher::__deliver[656]: deliver through leg Net::SIP::Leg tls:37.49.230.178:5061 @124.219.75.161:5061
1654098685.5933 DEBUG:<2> Net::SIP::Leg::deliver[426]: delivery with tls from 37.49.230.178:5061 to 124.219.75.161:5061:
1654098685.5933 DEBUG:<2>       REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5933 DEBUG:<2>       Via: SIP/2.0/TLS 37.49.230.178;branch=z9hG4bK00e9f4efe35faaa9bdbb57f0567e0aa6da27d1fe67b18e42d2d556d9e98c1b
1654098685.5933 DEBUG:<2>       Call-id: d17085871842c89df197179aff244846
1654098685.5933 DEBUG:<2>       Contact: 123wqe <sips:[email protected]>
1654098685.5933 DEBUG:<2>       Cseq: 1 REGISTER
1654098685.5933 DEBUG:<2>       Expires: 40000
1654098685.5933 DEBUG:<2>       From: 123wqe <sips:[email protected]:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5933 DEBUG:<2>       Max-forwards: 70
1654098685.5933 DEBUG:<2>       To: 123wqe <sips:[email protected]:5061>
1654098685.5933 DEBUG:<2>       Content-length: 0
1654098685.5933 DEBUG:<2>
1654098685.5933 DEBUG:<2>
1654098685.5937 DEBUG:<40> Net::SIP::SocketPool::sendto[259]: need new tcp socket to 124.219.75.161:5061
1654098685.5943 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[312]: timeout sockets
1654098685.5944 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[330]: timeout sockets - need timer
1654098685.5946 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(1) sock=37.49.230.178:39921
1654098685.8318 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=1
1654098685.8320 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[91]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) disable rw(1) fn=4 sock=37.49.230.178:39921
1654098685.8321 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[694]: upgrade to SSL client
1654098685.8337 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[716]: TLS connect - want read
1654098685.8338 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(0) sock=37.49.230.178:39921
1654098686.0719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=0
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
1654098686.0726 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=4 sock=37.49.230.178:39921
1654098686.5669 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(disp_expire) 1654098686.56348 repeat=<undef>
1654098686.5670 DEBUG:<50> Net::SIP::Dispatcher::queue_expire[576]: next expire <undef>
1654098693.5719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(socketpool-timeout) 1654098693.56348 repeat=8
1654098693.5723 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[340]: timer cancel
E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A01654098725.6161 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=3 sock=37.49.230.178:5061
原文

After a long search for days.
Turns out my problem is that openssl can't support older versions

Previously I used to set the command like this

openssl s_client -connect xxx.xxx.xxx.xxx:5061

error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1947:

But after searching I found out that my openssl . Old version does not support -tls1

Since when I type the command like this
I have a good result

 openssl s_client -showcerts -connect xxx.xxx.xxx.xxx:5061   -tls1

How can I make openssl accept all versions of tls

now on i get fingerprint of ip to use it in Net::SIP

 my $ua = Net::SIP::Simple->new(
  registrar => "sips:$host",
  domain =>  $host,
  from => $user,
  auth => [ $user,$pass ],
        tls => {
            SSL_fingerprint => "E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A0",
 }

I get this error which indicates that Net::SIP::SocketPool
It cannot support all versions ssl

1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol

this is debug

1654098685.5654 DEBUG:<90> Net::SIP::Leg::new[155]: created socket on 37.49.230.178:5061
1654098685.5908 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=3 rw(0) sock=37.49.230.178:5061
1654098685.5913 DEBUG:<10> Net::SIP::Endpoint::new_request[156]: create new request for REGISTER within new call d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Net::SIP::Endpoint::new_request[164]: request=REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5919 DEBUG:<50>      Call-id: d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50>      Contact: 123wqe <sips:[email protected]>
1654098685.5919 DEBUG:<50>      Cseq: 1 REGISTER
1654098685.5919 DEBUG:<50>      Expires: 40000
1654098685.5919 DEBUG:<50>      From: 123wqe <sips:[email protected]:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5919 DEBUG:<50>      Max-forwards: 70
1654098685.5919 DEBUG:<50>      To: 123wqe <sips:[email protected]:5061>
1654098685.5919 DEBUG:<50>      Content-length: 0
1654098685.5919 DEBUG:<50>
1654098685.5919 DEBUG:<50>
1654098685.5923 DEBUG:<50> Net::SIP::Dispatcher::resolve_uri[777]: setting dst_addr+leg to 124.219.75.161:5061 from outgoing_proxy
1654098685.5925 DEBUG:<50> Net::SIP::Dispatcher::__deliver[656]: deliver through leg Net::SIP::Leg tls:37.49.230.178:5061 @124.219.75.161:5061
1654098685.5933 DEBUG:<2> Net::SIP::Leg::deliver[426]: delivery with tls from 37.49.230.178:5061 to 124.219.75.161:5061:
1654098685.5933 DEBUG:<2>       REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5933 DEBUG:<2>       Via: SIP/2.0/TLS 37.49.230.178;branch=z9hG4bK00e9f4efe35faaa9bdbb57f0567e0aa6da27d1fe67b18e42d2d556d9e98c1b
1654098685.5933 DEBUG:<2>       Call-id: d17085871842c89df197179aff244846
1654098685.5933 DEBUG:<2>       Contact: 123wqe <sips:[email protected]>
1654098685.5933 DEBUG:<2>       Cseq: 1 REGISTER
1654098685.5933 DEBUG:<2>       Expires: 40000
1654098685.5933 DEBUG:<2>       From: 123wqe <sips:[email protected]:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5933 DEBUG:<2>       Max-forwards: 70
1654098685.5933 DEBUG:<2>       To: 123wqe <sips:[email protected]:5061>
1654098685.5933 DEBUG:<2>       Content-length: 0
1654098685.5933 DEBUG:<2>
1654098685.5933 DEBUG:<2>
1654098685.5937 DEBUG:<40> Net::SIP::SocketPool::sendto[259]: need new tcp socket to 124.219.75.161:5061
1654098685.5943 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[312]: timeout sockets
1654098685.5944 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[330]: timeout sockets - need timer
1654098685.5946 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(1) sock=37.49.230.178:39921
1654098685.8318 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=1
1654098685.8320 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[91]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) disable rw(1) fn=4 sock=37.49.230.178:39921
1654098685.8321 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[694]: upgrade to SSL client
1654098685.8337 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[716]: TLS connect - want read
1654098685.8338 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(0) sock=37.49.230.178:39921
1654098686.0719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=0
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
1654098686.0726 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=4 sock=37.49.230.178:39921
1654098686.5669 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(disp_expire) 1654098686.56348 repeat=<undef>
1654098686.5670 DEBUG:<50> Net::SIP::Dispatcher::queue_expire[576]: next expire <undef>
1654098693.5719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(socketpool-timeout) 1654098693.56348 repeat=8
1654098693.5723 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[340]: timer cancel
E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A01654098725.6161 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=3 sock=37.49.230.178:5061

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

赠意 2025-02-10 12:04:55

系统上的默认安全级别可能设置为2个,以便默认情况下禁用较旧的TLS版本。但是可以禁用这一点:

my $ua = Net::SIP::Simple->new(
  ....
  tls => {
      SSL_fingerprint => ...,
      SSL_cipher_list => 'DEFAULT:@SECLEVEL=1', # allow more ciphers
      SSL_version => 'TLSv1',  # enforce TLSv1
  }
);

It is likely that the default security level on your system is set to 2 so that older TLS versions are disabled by default. But one can disable this:

my $ua = Net::SIP::Simple->new(
  ....
  tls => {
      SSL_fingerprint => ...,
      SSL_cipher_list => 'DEFAULT:@SECLEVEL=1', # allow more ciphers
      SSL_version => 'TLSv1',  # enforce TLSv1
  }
);
回复 原文
~没有更多了~

关于作者

逆光下的微笑

暂无简介

文章
评论
29 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

李珊平

文章 0 评论 0

Quxin

文章 0 评论 0

范无咎

文章 0 评论 0

github_ZOJ2N8YxBm

文章 0 评论 0

若言

文章 0 评论 0

南…巷孤猫

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文