Mumble forums

Public Registration


titanshadow

I am trying to let my server register itself on the public server list. I have followed the instructions and I have a proper CA signed certificate. No errors for SSL are given to me when I sign in with any client to the server. The server is running on a VPS running Ubuntu 14.04 LTS. I have filled in the RegistrationName, Password, and other information as outlined in the Wiki as well. I have no ServerPassword and I have my country code set, and it is the same as my certificate and my domain name.


For some reason, I am getting the following error:

2015-12-05 23:50:25.402 1 => Registration failed: SSL handshake failed


I am using mumble-django to manage the server, but I have configured the ini with the same registration information as the server in django, so they match (including the certificates).


Any help would be appreciated.


  • Moderators

"Registration failed" means that the problem described is on your side of the connection (counter-intuitively, if you get an error message in the form "Registration: something went wrong", that's a response from the list server).


You might try using the openssl command line client to connect to the list server, something like this (RTFM I might be a bit rusty):

 

openssl s_client -connect mumble.hive.no:443 -cert /path/to/mumble/cert.pem -key /path/to/mumble/key.pem

... and see if you get anything sane, or an error message. I'm not sure if, for example, Mumble ships with the root cert for the CA that mumble.hive.no uses, that would likely result in that message. If your cert also has a bundle, I think you need to include that as well since about OpenSSL 0.9.8 or so, they silently "fixed" that violation of SSL specs (the client must be able to validate its own certificate before even trying to present it to the server).


Finally, if you're using a StartSSL Class 1 certificate, they (IIRC, I reserve the right to be wrong :)) don't have the TLS bit and therefore can't act as a client certificate for TLS, so there's nothing you can do but get a better cert.

Full disclosure: I used to run a commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.

Avatar is stolen from here


Well, since you weren't sure, I tried the test you said... I think I do have the TLS bit because I use TLS with my mail server, which works with a StartSSL cert. The problem might be the chained certificates. Here is what I get...


Issuing the command:

openssl s_client -connect mumble.hive.no:443 -CAfile /root/ssl/new-cert/sub.class1.server.ca.pem -cert /root/ssl/new-cert/hal.crt -key /root/ssl/new-cert/ssl.key


Comes out with this output:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
    Session-ID-ctx:
    Master-Key: XXXX
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1449362892
    Timeout : 300 (sec)
    Verify return code: 0 (ok)


I'm going to try to do a few things with the SSL system here, perhaps that will work.
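
The certificate-side conditions raised in the moderator's reply (client-authentication usage on the certificate, and a chain that validates locally) can be checked offline with openssl before retrying registration; this is an added example, not part of the thread or of the Mumble project. The function names, the extra key-match check and the constructed self-signed demo certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): offline pre-flight checks for a
# certificate that the server must present as a TLS *client* when registering.
# Usage: sh check_client_cert.sh CERT KEY [CA_BUNDLE]   (paths are your own)

# 1. The leaf must permit TLS client authentication (EKU / key usage bits).
cert_allows_client_auth() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL client : Yes'
}

# 2. The private key must belong to the certificate (compare public keys).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 3. The chain must validate locally for the sslclient purpose.
#    $2 = PEM bundle holding the root and any intermediates.
#    Output is parsed because old openssl builds exit 0 even on failure.
chain_valid_for_client() {
    openssl verify -purpose sslclient -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

check_client_cert() {
    cert_allows_client_auth "$1" || { echo "FAIL: no client-auth usage"; return 1; }
    key_matches_cert "$1" "$2"   || { echo "FAIL: key does not match cert"; return 2; }
    if [ -n "$3" ]; then
        chain_valid_for_client "$1" "$3" || { echo "FAIL: chain does not verify"; return 3; }
    fi
    echo "OK: usable as a TLS client certificate"
}

# Constructed sample input: self-signed cert whose extendedKeyUsage is $1
# (e.g. serverAuth or serverAuth,clientAuth), written to $2.pem / $2.key.
make_demo_cert() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=constructed.example\n[ext]\nextendedKeyUsage=%s\n' "$1" > "$2.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$2.cnf" \
        -extensions ext -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1
}

if [ "$#" -ge 2 ]; then check_client_cert "$@"; fi
```

In s_client output, "Verify return code" reports validation of the server's certificate chain, so it does not by itself show that the client certificate was accepted.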
