經過幾天的漫長搜索。原來我的問題是 openssl 不能支持舊版本
以前我曾經這樣設定命令
openssl s_client -connect xxx.xxx.xxx.xxx:5061
error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1947:
但經過搜索,我發現我的 openssl 。老版本不支持-tls1
因為當我輸入這樣的命令時,我有一個很好的結果
openssl s_client -showcerts -connect xxx.xxx.xxx.xxx:5061 -tls1
如何讓 openssl 接受所有版本的 tls
現在我得到ip指紋來使用它Net::SIP
my $ua = Net::SIP::Simple->new(
registrar => "sips:$host",
domain => $host,
from => $user,
auth => [ $user,$pass ],
tls => {
SSL_fingerprint => "E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A0",
}
我收到此錯誤,表明 Net::SIP::SocketPool 它不能支持所有版本的 ssl
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
這是除錯
1654098685.5654 DEBUG:<90> Net::SIP::Leg::new[155]: created socket on 37.49.230.178:5061
1654098685.5908 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=3 rw(0) sock=37.49.230.178:5061
1654098685.5913 DEBUG:<10> Net::SIP::Endpoint::new_request[156]: create new request for REGISTER within new call d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Net::SIP::Endpoint::new_request[164]: request=REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5919 DEBUG:<50> Call-id: d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Contact: 123wqe <sips:123wqe@37.49.230.178>
1654098685.5919 DEBUG:<50> Cseq: 1 REGISTER
1654098685.5919 DEBUG:<50> Expires: 40000
1654098685.5919 DEBUG:<50> From: 123wqe <sips:123wqe@124.219.75.161:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5919 DEBUG:<50> Max-forwards: 70
1654098685.5919 DEBUG:<50> To: 123wqe <sips:123wqe@124.219.75.161:5061>
1654098685.5919 DEBUG:<50> Content-length: 0
1654098685.5919 DEBUG:<50>
1654098685.5919 DEBUG:<50>
1654098685.5923 DEBUG:<50> Net::SIP::Dispatcher::resolve_uri[777]: setting dst_addr leg to 124.219.75.161:5061 from outgoing_proxy
1654098685.5925 DEBUG:<50> Net::SIP::Dispatcher::__deliver[656]: deliver through leg Net::SIP::Leg tls:37.49.230.178:5061 @124.219.75.161:5061
1654098685.5933 DEBUG:<2> Net::SIP::Leg::deliver[426]: delivery with tls from 37.49.230.178:5061 to 124.219.75.161:5061:
1654098685.5933 DEBUG:<2> REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5933 DEBUG:<2> Via: SIP/2.0/TLS 37.49.230.178;branch=z9hG4bK00e9f4efe35faaa9bdbb57f0567e0aa6da27d1fe67b18e42d2d556d9e98c1b
1654098685.5933 DEBUG:<2> Call-id: d17085871842c89df197179aff244846
1654098685.5933 DEBUG:<2> Contact: 123wqe <sips:123wqe@37.49.230.178>
1654098685.5933 DEBUG:<2> Cseq: 1 REGISTER
1654098685.5933 DEBUG:<2> Expires: 40000
1654098685.5933 DEBUG:<2> From: 123wqe <sips:123wqe@124.219.75.161:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5933 DEBUG:<2> Max-forwards: 70
1654098685.5933 DEBUG:<2> To: 123wqe <sips:123wqe@124.219.75.161:5061>
1654098685.5933 DEBUG:<2> Content-length: 0
1654098685.5933 DEBUG:<2>
1654098685.5933 DEBUG:<2>
1654098685.5937 DEBUG:<40> Net::SIP::SocketPool::sendto[259]: need new tcp socket to 124.219.75.161:5061
1654098685.5943 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[312]: timeout sockets
1654098685.5944 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[330]: timeout sockets - need timer
1654098685.5946 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(1) sock=37.49.230.178:39921
1654098685.8318 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=1
1654098685.8320 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[91]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) disable rw(1) fn=4 sock=37.49.230.178:39921
1654098685.8321 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[694]: upgrade to SSL client
1654098685.8337 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[716]: TLS connect - want read
1654098685.8338 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(0) sock=37.49.230.178:39921
1654098686.0719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=0
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
1654098686.0726 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=4 sock=37.49.230.178:39921
1654098686.5669 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(disp_expire) 1654098686.56348 repeat=<undef>
1654098686.5670 DEBUG:<50> Net::SIP::Dispatcher::queue_expire[576]: next expire <undef>
1654098693.5719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(socketpool-timeout) 1654098693.56348 repeat=8
1654098693.5723 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[340]: timer cancel
E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A01654098725.6161 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=3 sock=37.49.230.178:5061
uj5u.com熱心網友回復:
您系統上的默認安全級別可能設定為 2,因此默認情況下禁用較舊的 TLS 版本。但是可以禁用此功能:
my $ua = Net::SIP::Simple->new(
....
tls => {
SSL_fingerprint => ...,
SSL_cipher_list => 'DEFAULT:@SECLEVEL=1', # allow more ciphers
SSL_version => 'TLSv1', # enforce TLSv1
}
);
轉載請註明出處,本文鏈接:https://www.uj5u.com/qita/485307.html
