Vodia support Posted June 11, 2013 Report Share Posted June 11, 2013 http://wiki.snomone.com/index.php?title=Registering_counterpath_Bria_with_snomONE#Entering_you_account_information. Link to comment Share on other sites More sharing options...
metwest Posted June 12, 2013 Report Share Posted June 12, 2013 http://wiki.snomone.com/index.php?title=Registering_counterpath_Bria_with_snomONE#Entering_you_account_information. Was looking at this for Android but it has mixed reviews and is a little pricey compared to other soft phones It says it has extension presence. Does this mean I can see on the Bria app the other Snom One extensions including snom handsets busy state like a BLF key? Or does it just show a BLF of other Bria extensions? Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 12, 2013 Report Share Posted June 12, 2013 I think for Android you can check out Sipdroid. I would not bet on presence of BLF on soft phones. But you can cobine this with the web-based attendant console information that you now get with version 5 when you log in as user. Link to comment Share on other sites More sharing options...
shapa Posted June 29, 2013 Report Share Posted June 29, 2013 Hi The issue is that BRIA (Desktop version to be exact) and SnomOne are not compatible in terms of SSL Ciphers - when we are trying to use TLS with Bria and SnomOne, Bria unable to register with a message in the error log regarding ciphers incompatibility Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 29, 2013 Report Share Posted June 29, 2013 Bria actually checks the certificate, this is perfectly okay. What you need is to add the snom ONE certificate to the trust chain, then Bria can also work with TLS. You can check and do this by using your web browser and navigate to the snom ONE HTTP web interface and then use the browsers tools to add the certificate. Then Bria will also take it. Link to comment Share on other sites More sharing options...
shapa Posted June 29, 2013 Report Share Posted June 29, 2013 The certificate installed correctly, other clients works fine with TLS and no any browser complaining about - full trust chain is installed. Snom 870 hardware phones accepts certificate without issues as well. The error message is not in the Bria log but SnomOne PBX log (regarding "no common cipher") To be exact: [5] 20130629163907: SIP Tx udp:93.172.32.135:6198: SIP/2.0 200 Ok Via: SIP/2.0/UDP 93.172.32.135:6198;branch=z9hG4bK-d8754z-c3a3f1753276c863-1---d8754z-;rport=6198 From: <sip:3000@pbx.highperf.pro>;tag=b9bf9b48 To: <sip:3000@pbx.highperf.pro>;tag=5ebdc4ecca Call-ID: ZDlmMzIzZDA5MzQ4MDIyNGViMDdjMzZlZDdjZjk0OTM CSeq: 55 REGISTER Server: snomONE/5.0.10k Content-Length: 0 [5] 20130629163912: SIP 93.172.32.135:55773: No common cipher suite in client hello [5] 20130629163918: SIP 93.172.32.135:55774: No common cipher suite in client hello [5] 20130629163920: SIP Rx tcp:82.204.178.98:1107: " Therefore, I could assume that the issue is not related to the missing chain (but I could be wrong). Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 29, 2013 Report Share Posted June 29, 2013 Okay, now it is getting interesting... What ciphers does Bria offer? Wireshark will show it. Link to comment Share on other sites More sharing options...
shapa Posted June 29, 2013 Report Share Posted June 29, 2013 Internet Protocol Version 4, Src: 10.0.0.3 (10.0.0.3), Dst: 78.40.149.11 (78.40.149.11) Transmission Control Protocol, Src Port: 58381 (58381), Dst Port: sip-tls (5061), Seq: 1, Ack: 1, Len: 156 Secure Sockets Layer TLSv1 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 151 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 147 Version: TLS 1.0 (0x0301) Random Session ID Length: 0 Cipher Suites Length: 38 Cipher Suites (19 suites) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016) Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a) Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013) Cipher Suite: TLS_DHE_RSA_WITH_DES_CBC_SHA (0x0015) Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009) Cipher Suite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0014) Cipher Suite: TLS_RSA_EXPORT_WITH_DES40_CBC_SHA (0x0008) Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012) Cipher Suite: TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA (0x0011) Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) Compression Methods Length: 1 Compression Methods (1 method) Extensions Length: 68 Extension: ec_point_formats Extension: elliptic_curves Extension: SessionTicket TLS http://gyazo.com/c47eaa2fd42438b2e2191422565ec3d2 Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 30, 2013 Report Share Posted June 30, 2013 Okay... TLS_RSA_WITH_AES_256_CBC_SHA would be a candidate, however in TLS1.0 is it vulnerable anyway. RC4 might be old, but does not have the vulnerability. Is there any place where you can control what ciphers are being offered? We have to add TLS1.1 anyway, and then it makes sense to support the AES CBC modes as well. Link to comment Share on other sites More sharing options...
shapa Posted June 30, 2013 Report Share Posted June 30, 2013 Hi Unfortunately, there are no any settings regarding ciphers in Bria. Yes, I know that TLS 1.0 is ancient / vulnerable, but Bria developers decided to do that... Link to comment Share on other sites More sharing options...
Recommended Posts