[Chilli] CoovaChilli and RadSec
David Bird
david at coova.com
Wed Jun 23 11:16:40 UTC 2010
Hi Stelio,
Thanks... will commit to subversion.
David
On Wed, 2010-06-23 at 10:32 +0200, Stelio Gouveia wrote:
> The problem it seems is when Coova-Chilli sends a SSLv2 CLIENT-HELLO
> message. RadSecProxy doesn't know what to do with it and fails to
> establish a SSL connection as it's listening for TLSv1 CLIENT-HELLO
> messages.
>
>
> Now if we replace the SSLv23_client_method with the
> TLSv1_client_method, then we can get Coova-Chilli and RadSecProxy
> sending encrypted packets.
>
>
> Are there any objections to doing this? Other than the fact that
> SSLv23 method is no longer supported
>
>
> See the patch below:
>
>
> --- ssl.c.orginal 2010-06-23 09:53:51.406061947 +0200
> +++ ssl.c 2010-06-23 09:54:05.966062034 +0200
> @@ -182,7 +182,7 @@
> if (server) {
> env->meth = SSLv23_server_method();
> } else {
> - env->meth = SSLv23_client_method();
> + env->meth = TLSv1_client_method();
> }
> env->ctx = SSL_CTX_new(env->meth);
> SSL_CTX_set_options(env->ctx, SSL_OP_ALL);
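Review bot: On the `+` line in the client branch, `TLSv1_client_method()` pins the client to TLS 1.0 only, so it can never negotiate a newer version with the RadSec peer even if both sides support one. Consider keeping `SSLv23_client_method()` and adding `SSL_OP_NO_SSLv2` to the `SSL_CTX_set_options()` call instead, which stops OpenSSL from sending the SSLv2-format CLIENT-HELLO while still negotiating the highest mutually supported version. The server branch in the same hunk is left on `SSLv23_server_method()`, so the two sides of this code now have different protocol policies, and the commit should say whether that is intended. Separately, the context lines show the return value of `SSL_CTX_new(env->meth)` being passed straight to `SSL_CTX_set_options()` with no NULL check between them.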
>
>
> - Stelio
>
> On Fri, Jun 18, 2010 at 10:28 AM, Stelio Gouveia <stelio at skyrove.com>
> wrote:
> Hi Folks
>
>
> I'm trying to get CoovaChilli (v1.2.3) to encrypt its packets
> using RadSec and forward them on to RadSecProxy 1.4
>
>
> On my RadSecProxy side, I get the following:
> Jun 17 15:30:54 2010: tlsservernew: incoming TLS connection from 10.0.0.44
> Jun 17 15:30:54 2010: tlsservernew: SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> Jun 17 15:30:54 2010: tlsservernew: SSL_accept failed
>
>
> Some posts I've read suggest this could be down to using the
> wrong TLS_PROTOCOL version on either the client or
> server. Which version does CoovaChilli use?
>
>
> Has anyone else tried to marry these two pieces of software?
>
>
> - Stelio
>
>
> --
> Skyrove Software Engineer,
> Skyrove (Pty) Ltd
> Technology Top 100 Award Winner (2006)
> Mobile: +27 82 34 09 120
> Tel: +27 861 ROVERS (0861 768 377)
> Fax: +27 86 6204077
> Email & Gtalk: stelio at skyrove.com
> Web: www.skyrove.com
>
> This message contains confidential information. If you are not
> the intended recipient you are notified that disclosing,
> copying, distributing or taking any action in reliance on the
> contents of this information is strictly prohibited. E-mail
> transmission cannot be guaranteed to be secure or error-free
> as information could be intercepted, corrupted, lost,
> destroyed, arrive late or incomplete, or contain viruses. The
> sender therefore does not accept liability for any errors or
> omissions in the contents of this message.
>
>
>
>
> --
> Regards
> Stelio Gouveia
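The framing difference discussed in this thread, as an added example that is not part of the original messages or of the CoovaChilli or RadSecProxy code: an SSLv2-format CLIENT-HELLO and a TLS record carrying a ClientHello start with different headers, even when both offer TLS 1.0. The function name `classify_hello` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_kind { HELLO_TOO_SHORT, HELLO_UNKNOWN, HELLO_SSLV2_FORMAT, HELLO_TLS_RECORD };

/* Classify the first bytes a client sends on a new connection and report
 * the protocol version carried in that header. */
enum hello_kind classify_hello(const uint8_t *buf, size_t len,
                               unsigned *major, unsigned *minor)
{
    *major = *minor = 0;
    if (len < 6)
        return HELLO_TOO_SHORT;
    /* SSLv2 framing: 2-byte length header with the high bit set, message
     * type 1 (CLIENT-HELLO), then the highest version the client offers. */
    if ((buf[0] & 0x80) && buf[2] == 0x01) {
        *major = buf[3];
        *minor = buf[4];
        return HELLO_SSLV2_FORMAT;
    }
    /* TLS record: content type 22 (handshake), record version, 2-byte
     * length, then handshake type 1 (ClientHello). */
    if (buf[0] == 0x16 && buf[1] == 0x03 && buf[5] == 0x01) {
        *major = buf[1];
        *minor = buf[2];
        return HELLO_TLS_RECORD;
    }
    return HELLO_UNKNOWN;
}

/* Constructed sample bytes (not captured traffic): both offer version 3.1,
 * i.e. TLS 1.0, but only the second uses TLS record framing. */
static const uint8_t sample_v2_hello[]  = { 0x80, 0x2e, 0x01, 0x03, 0x01, 0x00, 0x15 };
static const uint8_t sample_tls_hello[] = { 0x16, 0x03, 0x01, 0x00, 0x31, 0x01, 0x00 };

int main(void)
{
    static const char *names[] = { "too short", "unknown", "SSLv2-format hello", "TLS record" };
    unsigned major, minor;
    enum hello_kind k;

    k = classify_hello(sample_v2_hello, sizeof sample_v2_hello, &major, &minor);
    printf("sample 1: %s, version %u.%u\n", names[k], major, minor);
    k = classify_hello(sample_tls_hello, sizeof sample_tls_hello, &major, &minor);
    printf("sample 2: %s, version %u.%u\n", names[k], major, minor);
    return 0;
}
```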