40x8 (4018,4028,403) https provisioning

thajacabela
Member
Posts: 8
Joined: 12 Mar 2012 09:01

40x8 (4018,4028,403) https provisioning

Post by thajacabela »

Hello,

I've got some 40x8 terminals successfully transformed to SIP. I can autoprovision them over HTTP without problems. Now I am trying to do the same with the secure protocol HTTPS, but I get a handshake error (the server and the phone could be using different protocols, I don't know). I can connect to the HTTPS server with any browser and get sipconfig.txt without problems.

The error in nginx: SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher)

Some data:

Phone version 2.12.40, run mode SIP
And the phone has a certificate like this:
issuer: /CN=Wired Phones/C=FR/O=Alcatel-Lucent/OU=PKI Authority
subject: /CN=<MACADDRESS>/C=FR/O=Alcatel-Lucent/OU=PKI Authority


The server is CentOS 7, and the HTTP server is nginx-1.12.2-1.el7.x86_64, config:

Code:

server {
        listen 443 ssl;
        ssl     on;
        ssl_certificate      /etc/ssl/certs/nginx.crt;
        ssl_certificate_key  /etc/ssl/private/nginx.key;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv2 SSLv3;
        server_name 10.2.132.15;
        location / {
                root    /var/www;
        }        
}

And the error in the log (nginx error.log):

Code:

2018/03/26 14:34:31 [debug] 1716#0: epoll: fd:6 ev:0001 d:00007F16AFF86010
2018/03/26 14:34:31 [debug] 1716#0: accept on 0.0.0.0:443, ready: 0
2018/03/26 14:34:31 [debug] 1712#0: epoll: fd:6 ev:0001 d:00007F16AFF86010
2018/03/26 14:34:31 [debug] 1709#0: epoll: fd:6 ev:0001 d:00007F16AFF86010
2018/03/26 14:34:31 [debug] 1715#0: epoll: fd:6 ev:0001 d:00007F16AFF86010
2018/03/26 14:34:31 [debug] 1712#0: accept on 0.0.0.0:443, ready: 0
2018/03/26 14:34:31 [debug] 1716#0: posix_memalign: 00005639D48B0E60:512 @16
2018/03/26 14:34:31 [debug] 1709#0: accept on 0.0.0.0:443, ready: 0
2018/03/26 14:34:31 [debug] 1715#0: accept on 0.0.0.0:443, ready: 0
2018/03/26 14:34:31 [debug] 1716#0: *2 accept: 10.2.132.17:1024 fd:7
2018/03/26 14:34:31 [debug] 1712#0: accept() not ready (11: Resource temporarily unavailable)
2018/03/26 14:34:31 [debug] 1712#0: timer delta: 8968130
2018/03/26 14:34:31 [debug] 1716#0: *2 event timer add: 7: 60000:1522067731005
2018/03/26 14:34:31 [debug] 1715#0: accept() not ready (11: Resource temporarily unavailable)
2018/03/26 14:34:31 [debug] 1712#0: worker cycle
2018/03/26 14:34:31 [debug] 1709#0: accept() not ready (11: Resource temporarily unavailable)
2018/03/26 14:34:31 [debug] 1715#0: timer delta: 8968130
2018/03/26 14:34:31 [debug] 1716#0: *2 reusable connection: 1
2018/03/26 14:34:31 [debug] 1712#0: epoll timer: -1
2018/03/26 14:34:31 [debug] 1709#0: timer delta: 8968122
2018/03/26 14:34:31 [debug] 1715#0: worker cycle
2018/03/26 14:34:31 [debug] 1716#0: *2 epoll add event: fd:7 op:1 ev:80002001
2018/03/26 14:34:31 [debug] 1709#0: worker cycle
2018/03/26 14:34:31 [debug] 1715#0: epoll timer: -1
2018/03/26 14:34:31 [debug] 1716#0: timer delta: 8968130
2018/03/26 14:34:31 [debug] 1716#0: worker cycle
2018/03/26 14:34:31 [debug] 1709#0: epoll timer: -1
2018/03/26 14:34:31 [debug] 1716#0: epoll timer: 60000
2018/03/26 14:34:31 [debug] 1716#0: epoll: fd:7 ev:0001 d:00007F16AFF861E0
2018/03/26 14:34:31 [debug] 1716#0: *2 http check ssl handshake
2018/03/26 14:34:31 [debug] 1716#0: *2 http recv(): 1
2018/03/26 14:34:31 [debug] 1716#0: *2 https ssl handshake: 0x80
2018/03/26 14:34:31 [debug] 1716#0: *2 SSL_do_handshake: -1
2018/03/26 14:34:31 [debug] 1716#0: *2 SSL_get_error: 1
2018/03/26 14:34:31 [info] 1716#0: *2 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: 10.2.132.17, server: 0.0.0.0:443
2018/03/26 14:34:31 [debug] 1716#0: *2 close http connection: 7
2018/03/26 14:34:31 [debug] 1716#0: *2 SSL_shutdown: 1
2018/03/26 14:34:31 [debug] 1716#0: *2 event timer del: 7: 1522067731005
2018/03/26 14:34:31 [debug] 1716#0: *2 reusable connection: 0
2018/03/26 14:34:31 [debug] 1716#0: *2 free: 00005639D48B0E60, unused: 160
2018/03/26 14:34:31 [debug] 1716#0: timer delta: 32
2018/03/26 14:34:31 [debug] 1716#0: worker cycle
2018/03/26 14:34:31 [debug] 1716#0: epoll timer: -1

On the phone screen: "no http response".

Sorry for my English, and thanks in advance.
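
The `https ssl handshake: 0x80` line in the debug log is nginx printing the first byte the phone sent; a first byte with the high bit set is an SSLv2-format record header, not a TLS record (0x16). As an added example (not part of the original post), this Python code extracts the offered cipher codes from either ClientHello format so they can be compared with what the server enables; the sample hello and the server cipher set are constructed, not captured from the phone or the poster's server.

```python
import struct

# Names for the codes used in the constructed sample; others print as hex.
NAMES = {0x000004: "RC4-MD5", 0x000005: "RC4-SHA", 0x00000A: "DES-CBC3-SHA",
         0x00002F: "AES128-SHA", 0x000035: "AES256-SHA",
         0x00C02F: "ECDHE-RSA-AES128-GCM-SHA256",
         0x010080: "SSLv2 RC4-128-MD5"}

def parse_client_hello(data):
    """Return (format, (major, minor), [cipher codes]) for a ClientHello."""
    if len(data) < 11:
        raise ValueError("too short for a ClientHello")
    if data[0] & 0x80:                      # SSLv2 record header, as in the log
        msg_type, major, minor, spec_len, _sid, _chal = struct.unpack_from(
            "!BBBHHH", data, 2)
        if msg_type != 1:
            raise ValueError("not a ClientHello")
        specs = data[11:11 + spec_len]      # 3 bytes per cipher spec
        codes = [int.from_bytes(specs[i:i + 3], "big")
                 for i in range(0, len(specs) - 2, 3)]
        return "sslv2-compatible", (major, minor), codes
    if data[0] == 0x16 and data[5] == 1:    # TLS record carrying a ClientHello
        major, minor = data[9], data[10]    # client_version
        pos = 9 + 2 + 32                    # skip client_version and random
        pos += 1 + data[pos]                # skip session_id
        (n,) = struct.unpack_from("!H", data, pos)
        suites = data[pos + 2:pos + 2 + n]  # 2 bytes per cipher suite
        codes = [int.from_bytes(suites[i:i + 2], "big")
                 for i in range(0, len(suites) - 1, 2)]
        return "tls", (major, minor), codes
    raise ValueError("not a ClientHello")

def shared_ciphers(client_codes, server_codes):
    """Client-offered codes the server also enables, in client order."""
    return [c for c in client_codes if c in server_codes]

def build_v2_sample():
    """Constructed SSLv2-format hello (TLS 1.0, four specs); not from the phone."""
    specs = bytes.fromhex("00000400000500000a010080")
    body = (bytes([1, 3, 1]) + struct.pack("!HHH", len(specs), 0, 16)
            + specs + bytes(16))
    return struct.pack("!H", 0x8000 | len(body)) + body

SAMPLE_V2_HELLO = build_v2_sample()
SERVER_ENABLED = {0x00002F, 0x000035, 0x00C02F}   # assumed server cipher list

if __name__ == "__main__":
    fmt, version, codes = parse_client_hello(SAMPLE_V2_HELLO)
    print(fmt, version, [NAMES.get(c, hex(c)) for c in codes])
    print("shared:", shared_ciphers(codes, SERVER_ENABLED) or "none (no shared cipher)")
```

On a real server, the input would be the first TCP payload from a packet capture of the phone's connection, and the server codes would come from the hex column of `openssl ciphers -V`.
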
tovardiego769
Member
Posts: 5
Joined: 25 Aug 2012 12:53
Location: Cali Colombia
Contact:

Re: 40x8 (4018,4028,403) https provisioning

Post by tovardiego769 »

Hi, my name is Diego. I'm trying to install a 4018EE as SIP. Can you tell me how you did it (provisioning)? Thanks in advance.
Diego Tobar
ACSE OmniPCX Enterprise
tovardiego@hotmail.com
Cali Colombia
+ 573 153178586
tovardiego769
Member
Posts: 5
Joined: 25 Aug 2012 12:53
Location: Cali Colombia
Contact:

Re: 40x8 (4018,4028,403) https provisioning

Post by tovardiego769 »

Hi thajacabela, thanks for your early answer. My 4018EE has:
Phone version NOE:
4.33.81 Boot 4.10.01
Phone version SIP 2.00.81, run mode SIP
I'm trying to init the 4018 phone with a static IP and TFTP on the OXE. Inside the /usr2/downbin/ folder there are the sipconfig.txt and sipconfig-MacAddress.txt files, but there is always an error saying that the HTTP protocol is not reached. This is not clear to me, because I have not indicated at any time that I will use that protocol. Sorry also for my English, and thanks in advance. I speak Spanish.
Diego Tobar
ACSE OmniPCX Enterprise
tovardiego@hotmail.com
Cali Colombia
+ 573 153178586
thajacabela
Member
Posts: 8
Joined: 12 Mar 2012 09:01

Re: 40x8 (4018,4028,403) https provisioning

Post by thajacabela »

Diego,

First of all, the phone must be configured in SIP mode; then, via DHCP option 67, point it to the web server; and last, you must copy config.txt and config-MAC.txt to the web server.

I'm not using OXE; I use ISC DHCP server.

Example dhcpd.conf:

Code:

option space ALU;
option ALU.tftp-server-address code 64 = text;
option ALU.https-server-address code 67 = text;
class "vendor-classes" {
	match option vendor-class-identifier;
}
subclass "vendor-classes" "alcatel.sip.0" {
   vendor-option-space ALU;
    option ALU.https-server-address "http://WEBSERVERIP";
}
subnet DHCP_NET netmask DHCP_NETMASK
{   
        range DHCP_RANGE_INI   DHCP_RANGE_END;
        option subnet-mask DHCP_NETMASK;
        option routers DHCP_ROUTER;
        default-lease-time 43200;
        max-lease-time 172800;
	
	next-server TFTP_SERVER;
}

I don't know if you can modify DHCP options in OXE, or send values when the client is "alcatel.sip.0" (and not "alcatel.noe.0"), or if there is a web server on the OXE machine (which port? firewall?). I'm using NGINX on Linux.
tovardiego769
Member
Posts: 5
Joined: 25 Aug 2012 12:53
Location: Cali Colombia
Contact:

Re: 40x8 (4018,4028,403) https provisioning

Post by tovardiego769 »

Hi thajacabela, thanks again for your time.
Diego Tobar
ACSE OmniPCX Enterprise
tovardiego@hotmail.com
Cali Colombia
+ 573 153178586