openssl not support all ssl version and Net::SIP::SocketPool not support all ssl version

Time:06-02

After searching for days, it turns out my problem is that openssl can't support older versions.

Previously I used to set the command like this:

openssl s_client -connect xxx.xxx.xxx.xxx:5061

error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:ssl/statem/statem_lib.c:1947:

But after searching I found out that my openssl old version does not support -tls1.

Since when I type the command like this I have a good result:

 openssl s_client -showcerts -connect xxx.xxx.xxx.xxx:5061   -tls1

How can I make openssl accept all versions of TLS?

Now I get the fingerprint of the IP to use it in Net::SIP:

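 use Net::SIP;

 # $host, $user and $pass are set elsewhere in the script
 my $ua = Net::SIP::Simple->new(
     registrar => "sips:$host",
     domain    => $host,
     from      => $user,
     auth      => [ $user, $pass ],
     tls       => {
         # pin the server certificate by its fingerprint
         SSL_fingerprint => "E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A0",
     },
 );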

I get this error, which indicates that Net::SIP::SocketPool cannot support all SSL versions:

1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol 

This is the debug output:

1654098685.5654 DEBUG:<90> Net::SIP::Leg::new[155]: created socket on 37.49.230.178:5061
1654098685.5908 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=3 rw(0) sock=37.49.230.178:5061
1654098685.5913 DEBUG:<10> Net::SIP::Endpoint::new_request[156]: create new request for REGISTER within new call d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50> Net::SIP::Endpoint::new_request[164]: request=REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5919 DEBUG:<50>      Call-id: d17085871842c89df197179aff244846
1654098685.5919 DEBUG:<50>      Contact: 123wqe <sips:[email protected]>
1654098685.5919 DEBUG:<50>      Cseq: 1 REGISTER
1654098685.5919 DEBUG:<50>      Expires: 40000
1654098685.5919 DEBUG:<50>      From: 123wqe <sips:[email protected]:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5919 DEBUG:<50>      Max-forwards: 70
1654098685.5919 DEBUG:<50>      To: 123wqe <sips:[email protected]:5061>
1654098685.5919 DEBUG:<50>      Content-length: 0
1654098685.5919 DEBUG:<50>
1654098685.5919 DEBUG:<50>
1654098685.5923 DEBUG:<50> Net::SIP::Dispatcher::resolve_uri[777]: setting dst_addr leg to 124.219.75.161:5061 from outgoing_proxy
1654098685.5925 DEBUG:<50> Net::SIP::Dispatcher::__deliver[656]: deliver through leg Net::SIP::Leg tls:37.49.230.178:5061 @124.219.75.161:5061
1654098685.5933 DEBUG:<2> Net::SIP::Leg::deliver[426]: delivery with tls from 37.49.230.178:5061 to 124.219.75.161:5061:
1654098685.5933 DEBUG:<2>       REGISTER sips:124.219.75.161:5061 SIP/2.0
1654098685.5933 DEBUG:<2>       Via: SIP/2.0/TLS 37.49.230.178;branch=z9hG4bK00e9f4efe35faaa9bdbb57f0567e0aa6da27d1fe67b18e42d2d556d9e98c1b
1654098685.5933 DEBUG:<2>       Call-id: d17085871842c89df197179aff244846
1654098685.5933 DEBUG:<2>       Contact: 123wqe <sips:[email protected]>
1654098685.5933 DEBUG:<2>       Cseq: 1 REGISTER
1654098685.5933 DEBUG:<2>       Expires: 40000
1654098685.5933 DEBUG:<2>       From: 123wqe <sips:[email protected]:5061>;tag=beae3abb08105677bb76aacce212c8d6
1654098685.5933 DEBUG:<2>       Max-forwards: 70
1654098685.5933 DEBUG:<2>       To: 123wqe <sips:[email protected]:5061>
1654098685.5933 DEBUG:<2>       Content-length: 0
1654098685.5933 DEBUG:<2>
1654098685.5933 DEBUG:<2>
1654098685.5937 DEBUG:<40> Net::SIP::SocketPool::sendto[259]: need new tcp socket to 124.219.75.161:5061
1654098685.5943 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[312]: timeout sockets
1654098685.5944 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[330]: timeout sockets - need timer
1654098685.5946 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(1) sock=37.49.230.178:39921
1654098685.8318 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=1
1654098685.8320 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[91]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) disable rw(1) fn=4 sock=37.49.230.178:39921
1654098685.8321 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[694]: upgrade to SSL client
1654098685.8337 DEBUG:<40> Net::SIP::SocketPool::_tls_connect[716]: TLS connect - want read
1654098685.8338 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::addFD[61]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) added fn=4 rw(0) sock=37.49.230.178:39921
1654098686.0719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[217]: call cb on fn=4 rw=0
1654098686.0725 DEBUG:<1> Net::SIP::SocketPool::_error[349]: SSL connect failed: SSL connect attempt failed error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
1654098686.0726 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=4 sock=37.49.230.178:39921
1654098686.5669 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(disp_expire) 1654098686.56348 repeat=<undef>
1654098686.5670 DEBUG:<50> Net::SIP::Dispatcher::queue_expire[576]: next expire <undef>
1654098693.5719 DEBUG:<50> Net::SIP::Dispatcher::Eventloop::loop[172]: trigger timer(socketpool-timeout) 1654098693.56348 repeat=8
1654098693.5723 DEBUG:<99> Net::SIP::SocketPool::_timeout_sockets[340]: timer cancel
E6:6C:16:52:59:3F:9B:D2:7A:A4:4C:4A:FE:DE:12:75:30:2E:9E:A01654098725.6161 DEBUG:<99> Net::SIP::Dispatcher::Eventloop::delFD[80]: Net::SIP::Dispatcher::Eventloop=HASH(0x564c3d6e7b00) delete fn=3 sock=37.49.230.178:5061

CodePudding user response:

It is likely that the default security level on your system is set to 2 so that older TLS versions are disabled by default. But one can disable this:

my $ua = Net::SIP::Simple->new(
  ....
  tls => {
      SSL_fingerprint => ...,
      SSL_cipher_list => 'DEFAULT:@SECLEVEL=1', # allow more ciphers
      SSL_version => 'TLSv1',  # enforce TLSv1
  }
);
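
The relaxation shown in the answer can be limited to what the peer actually requires instead of accepting every protocol version. The script below is an added example, not part of the original answer, and goes beyond it by trying several settings: newest protocol first, and within each protocol the system security level before the relaxed `@SECLEVEL=1` cipher string, always with the fingerprint pin in place. The helper names `try_handshake` and `candidates` are hypothetical; the target and fingerprint are assumed to be passed as arguments.

```perl
#!/usr/bin/perl
# Added example, not from the original post. Tries TLS settings from
# strictest to weakest and reports the first one the peer accepts.
use strict;
use warnings;
use IO::Socket::SSL;    # exports $SSL_ERROR by default

# One handshake with the given extra options; the pin replaces CA checks.
sub try_handshake {
    my ($target, $pin, %opt) = @_;
    my $sock = eval {
        IO::Socket::SSL->new(
            PeerAddr        => $target,
            Timeout         => 5,
            SSL_fingerprint => $pin,
            %opt,
        );
    } or return (undef, $@ || $SSL_ERROR || $!);
    my %seen = (version => $sock->get_sslversion, cipher => $sock->get_cipher);
    $sock->close;
    return (\%seen, undef);
}

# Newest protocol first; for each, the system security level is tried
# before the relaxed cipher string used in the answer.
sub candidates {
    my @list;
    for my $version (qw(TLSv1_3 TLSv1_2 TLSv1_1 TLSv1)) {
        push @list, { SSL_version => $version };
        push @list, { SSL_version     => $version,
                      SSL_cipher_list => 'DEFAULT:@SECLEVEL=1' };
    }
    return @list;
}

sub main {
    # Assumed arguments: host:port of your own registrar and its pinned
    # fingerprint in IO::Socket::SSL form, e.g. 'sha1$<hex digest>'.
    my ($target, $pin) = @ARGV;
    die "usage: $0 host:port 'sha1\$<fingerprint>'\n" unless $target && $pin;
    for my $opt (candidates()) {
        my ($seen, $err) = try_handshake($target, $pin, %$opt);
        my $label = join ' ', map { "$_=$opt->{$_}" } sort keys %$opt;
        if (!$seen) { print "FAIL  $label: $err\n"; next }
        print "OK    $label -> $seen->{version} / $seen->{cipher}\n";
        print "Add to the Net::SIP tls hash: $label\n";
        return 0;
    }
    print "No candidate worked; check the errors above.\n";
    return 1;
}

exit main() unless caller;
```

The first `OK` line names the options to copy into the `tls` hash next to `SSL_fingerprint`; any `FAIL` lines above it show which stricter settings the peer rejected and why.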