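Tracing TLS problems with ssldump

Background:

A friend's FreeSWITCH is deployed on the public internet.

MicroSIP with transport=tls registers to FreeSWITCH successfully.

But Linphone (linphone-android-6.0.17.apk) over TLS does not work: registration fails (and of course not because the password is wrong; it is not that kind of simple problem).

So I found a public server and installed Kamailio and ssldump on it to trace the problem.

The main steps were as follows:

Kamailio listen:

tls: 192.168.99.203 [192.168.99.203]:12291 advertise tls:11.22.33.44:12291 # the public address is fake

The contents of tls.cfg: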

[server:default]
method = TLSv1.2
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/privkey.pem
certificate = /etc/kamailio/cert.pem
cipher_list = AES128-SHA256

[client:default]
verify_certificate = no
require_certificate = no
 

The certificate is self-signed.

The cipher suite is configured explicitly.

Run  ssldump  -i any port 12291  -d -k privkey.pem
Start MicroSIP and set the SIP transport to TLS.

The detailed ssldump output:

New TCP connection #1: 113.84.64.28(24944) <-> 192.168.99.203(12291)
1    11.5501 (11.5501)  C>S  TCP FIN
1    11.5520 (0.0019)  S>C  TCP FIN
New TCP connection #2: 113.84.64.28(24949) <-> 192.168.99.203(12291)
2 1  0.0403 (0.0403)  C>S  Handshake
      ClientHello
        Version 3.3 
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
        extensions
          ec_point_formats
            ec point format                           uncompressed
            ec point format                           ansiX962_compressed_prime
            ec point format                           ansiX962_compressed_char2

          supported_groups
            supported group                           x25519
            supported group                           secp256r1
            supported group                           x448
            supported group                           secp521r1
            supported group                           secp384r1

          session_ticket
          encrypt_then_mac
          extended_master_secret
          signature_algorithms
        ja3 string: 771,49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-61-60-53-47-255,11-10-35-22-23-13,29-23-30-25-24,0-1-2
        ja3 fingerprint: fbe7e189e37a07ee33706f86bc746344
2 2  0.0436 (0.0033)  S>C  Handshake
      ServerHello
        Version 3.3 
        session_id[0]=

        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA256
        compressionMethod                   NULL
        extensions
          renegotiation_info
          session_ticket
          encrypt_then_mac
          extended_master_secret
        ja3s string: 771,60,65281-35-22-23
        ja3s fingerprint: 9fab333bee8e4f1e571c9e98ecad33bc
2 3  0.0436 (0.0000)  S>C  Handshake
      Certificate
2 4  0.0436 (0.0000)  S>C  Handshake
      ServerHelloDone
2 5  0.0871 (0.0434)  C>S  Handshake
      ClientKeyExchange
2 6  0.0871 (0.0000)  C>S  ChangeCipherSpec
2 7  0.0871 (0.0000)  C>S  Handshake
      Finished
2 8  0.0929 (0.0058)  S>C  Handshake
      SessionTicket        ticket_lifetime = -1866529344
2 9  0.0929 (0.0000)  S>C  ChangeCipherSpec
2 10 0.0929 (0.0000)  S>C  Handshake
      Finished
2 11 0.1423 (0.0493)  C>S  application_data
    ---------------------------------------------------------------
    REGISTER sip:11.22.33.44:12291;transport=tls SIP/2.0
    Via: SIP/2.0/TLS 192.168.214.35:61958;rport;branch=z9hG4bKPj36dc3490636944e1bf1d7a0959879b63;alias
    Route: <sip:11.22.33.44:12291;transport=tls;lr>
    Max-Forwards: 70
    From: <sip:1111@11.22.33.44>;tag=06dd13b361eb407996be188247176c4d
    To: <sip:1111@11.22.33.44>
    Call-ID: 044fadd9b0c24dd7a7efa4260cffcc6c
    CSeq: 25210 REGISTER
    User-Agent: MicroSIP/3.21.5
    Supported: outbound, path
    Contact: <sip:1111@192.168.214.35:61958;transport=TLS;ob>;reg-id=1;+sip.instance="<urn:uuid:00000000-0000-0000-0000-000002a8785c>"
    Expires: 300
    Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
    Content-Length:  0


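A few questions remain unresolved:

1. How FreeSWITCH selects the cipher suite, because ssldump cannot decode some cipher suites.

2. Linphone registers over TLS, but there is almost no output in ssldump; I don't know the reason yet.

The Linphone registration failure is, of course, caused by Linphone; I will look up material on Linphone for Android online later.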


I have already found the relevant FreeSWITCH material; two settings are involved:

Global variable:

  <X-PRE-PROCESS cmd="set" data="sip_tls_ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"/>
SIP Profile:

    <param name="tls-ciphers" value="$${sip_tls_ciphers}"/>
I will test this when I get the chance.


For the real Linphone problem, see these two issues in detail:

https://github.com/BelledonneCommunications/linphone-desktop/issues/323

https://github.com/BelledonneCommunications/linphone-android/issues/947
 


Earlier, ssldump could not capture Linphone's messages; that really was a network problem. It can capture them now, and the output is:

  
New TCP connection #3: 113.84.64.28(24911) <-> 192.168.99.203(12291)
3 1  0.1102 (0.1102)  C>S  Handshake
      ClientHello
        Version 3.3 
        resume [32]=
          0c d4 d3 c0 b2 c6 03 48 a2 87 3e 65 fc 21 64 d4 
          cc c0 6f 26 ae 41 55 d7 a4 c2 a4 68 c3 f6 95 3c 
        cipher suites
        TLS_CHACHA20_POLY1305_SHA256
        TLS_AES_256_GCM_SHA384
        TLS_AES_128_GCM_SHA256
        TLS_AES_128_CCM_SHA256
        TLS_AES_128_CCM_8_SHA256
        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_AES_256_CCM
        TLS_DHE_RSA_WITH_AES_256_CCM
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
        TLS_DHE_RSA_WITH_AES_256_CCM_8
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
        TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
        TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
        TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384
        TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384
        TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_128_CCM
        TLS_DHE_RSA_WITH_AES_128_CCM
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        TLS_DHE_RSA_WITH_AES_128_CCM_8
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
        TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
        TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256
        TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_256_CCM
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
        TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
        TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CCM_8
        TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
        TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
        TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
        TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
        TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
        TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384
        TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384
        TLS_RSA_WITH_ARIA_256_GCM_SHA384
        TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384
        TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384
        TLS_RSA_WITH_ARIA_256_CBC_SHA384
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_CCM
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
        TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
        TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CCM_8
        TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
        TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
        TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
        TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
        TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
        TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256
        TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256
        TLS_RSA_WITH_ARIA_128_GCM_SHA256
        TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256
        TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256
        TLS_RSA_WITH_ARIA_128_CBC_SHA256
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
        extensions
          server_name
              host_name: 220.231.180.131
          supported_versions
            version: 3.4
            version: 3.3
          key_share
          psk_key_exchange_modes
          supported_groups
            supported group                           x25519
            supported group                           secp256r1
            supported group                           secp384r1
            supported group                           x448
            supported group                           secp521r1
            supported group             

          compress_certificate
        ja3 string: 771,4867-4866-4865-4868-4869-52392-52393-52394-49196-49200-159-49325-49311-49188-49192-107-49162-49172-57-49327-49315-49287-49291-49277-49267-49271-196-136-49245-49249-49235-49225-49229-49221-49195-49199-158-49324-49310-49187-49191-103-49161-49171-51-49326-49314-49286-49290-49276-49266-49270-190-69-49244-49248-49234-49224-49228-49220-157-49309-61-53-49202-49194-49167-49198-49190-49157-49313-49275-192-132-49293-49273-49289-49269-49247-49251-49233-49227-49231-49213-156-49308-60-47-49201-49193-49166-49197-49189-49156-49312-49274-186-65-49292-49272-49288-49268-49246-49250-49232-49226-49230-49212-255,0-43-51-45-10-27-1537,,
        ja3 fingerprint: 38d6935edf5f84a376d17c5973ffc3e8
3 2  0.1128 (0.0026)  S>C  Handshake
      ServerHello
        Version 3.3 
        session_id[0]=

        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA256
        compressionMethod                   NULL
        extensions
          renegotiation_info
          server_name
          session_ticket
          encrypt_then_mac
          extended_master_secret
        ja3s string: 771,60,65281-0-35-22-23
        ja3s fingerprint: 81f247bb15304e14126cd20cc5ca8c48
3 3  0.1128 (0.0000)  S>C  Handshake
      Certificate
3 4  0.1128 (0.0000)  S>C  Handshake
      ServerHelloDone
3 5  0.3347 (0.2218)  C>S  Alert
    level           fatal
    value           unknown_ca
3    0.3351 (0.0004)  S>C  TCP FIN
3    0.3644 (0.0293)  C>S  TCP RST
 

In fact, the key information is in the last few lines:

3 5  0.3347 (0.2218)  C>S  Alert
    level           fatal
    value           unknown_ca
3    0.3351 (0.0004)  S>C  TCP FIN
3    0.3644 (0.0293)  C>S  TCP RST

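The client says that what the server offered is from an unknown CA.

The server sent a TCP FIN.

The client sent a TCP RST.

This is consistent with the result of capturing with tcpdump and then analyzing in Wireshark.

The Kamailio log: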

ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol level error
ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS accept:error:0A000418:SSL routines::tlsv1 alert unknown ca
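
As an added example (not part of the original post), this Python script summarizes ssldump output per connection: the suite the server chose, whether -k privkey.pem alone could decrypt it, and any alert with its sender. It assumes the server key decrypts only static-RSA suites (named TLS_RSA_WITH_*); the sample input is a constructed excerpt of the traces above, and summarize and diagnose are hypothetical helper names.

```python
import re

# Constructed sample: a trimmed excerpt in the ssldump output format shown above.
SAMPLE = """\
New TCP connection #2: 113.84.64.28(24949) <-> 192.168.99.203(12291)
2 2  0.0436 (0.0033)  S>C  Handshake
      ServerHello
        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA256
2 11 0.1423 (0.0493)  C>S  application_data
New TCP connection #3: 113.84.64.28(24911) <-> 192.168.99.203(12291)
3 2  0.1128 (0.0026)  S>C  Handshake
      ServerHello
        cipherSuite         TLS_RSA_WITH_AES_128_CBC_SHA256
3 5  0.3347 (0.2218)  C>S  Alert
    level           fatal
    value           unknown_ca
3    0.3351 (0.0004)  S>C  TCP FIN
"""

# Record header: "<conn> <seq> <time> (<delta>)  <direction>  <record type>"
RECORD = re.compile(r"(\d+) +\d+ +[\d.]+ +\([\d.]+\) +(C>S|S>C) +(\w+)")
FIELD = re.compile(r"\s+(cipherSuite|value)\s+(\S+)")

def summarize(text):
    """Map connection id -> negotiated suite, -k decryptability, alert, app data."""
    conns, last = {}, None
    for line in text.splitlines():
        if m := RECORD.match(line):
            conn = conns.setdefault(int(m[1]), {"suite": None, "k_decrypts": None,
                                                "alert": None, "app_data": False})
            conn["app_data"] |= m[3] == "application_data"
            last = (conn, m[2], m[3])
        elif last and (m := FIELD.match(line)):
            conn, direction, rtype = last
            if m[1] == "cipherSuite" and rtype == "Handshake":
                conn["suite"] = m[2]
                # Assumption: the server key alone decrypts only static-RSA key exchange.
                conn["k_decrypts"] = m[2].startswith("TLS_RSA_WITH_")
            elif m[1] == "value" and rtype == "Alert":
                conn["alert"] = (direction, m[2])  # who sent it, and which alert
    return conns

def diagnose(conn):
    """One-line verdict for a summarized connection."""
    if conn["alert"]:
        sender = "client" if conn["alert"][0] == "C>S" else "server"
        return f"{sender} sent alert: {conn['alert'][1]}"
    if conn["app_data"]:
        return "handshake ok, payload " + ("readable" if conn["k_decrypts"] else "opaque") + " with -k"
    return "no handshake result seen"

if __name__ == "__main__":
    for cid, conn in summarize(SAMPLE).items():
        print(cid, conn["suite"], diagnose(conn))
```
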
 
