This is a read-only archive of the Mumble forums.

This website archives and makes accessible historical state. It receives no updates or corrections. It is provided only to keep the information accessible as-is, under their old address.

For up-to-date information please refer to the Mumble website and its linked documentation and other resources. For support please refer to one of our other community/support channels.

Jump to content

Public Registration

titanshadow

By titanshadow,
in Technical

 Share

Recommended Posts

titanshadow Newbie

titanshadow

Posted
Posted

I am trying to let my server register itself on the public server list. I have followed the instructions and I have a proper CA signed certificate. No errors for SSL are given to me when I sign in with any client to the server. The server is running on a VPS running Ubuntu 14.04 LTS. I have filled in the RegistrationName, Password, and other information as outlined in the Wiki as well. I have no ServerPassword and I have my country code set, and it is the same as my certificate and my domain name.


For some reason, I am getting the following error:

2015-12-05 23:50:25.402 1 => Registration failed: SSL handshake failed


I am using mumble-django to manage the server, but I have configured the ini with the same registration information as the server in django, so they match (including the certificates).


Any help would be appreciated.

Link to comment
Share on other sites
  • Moderators
fwaggle Newbie

fwaggle

Posted
  • Moderators
Posted

"Registration failed" means that the problem described is on your side of the connection (counter-intuitively, if you get an error message in the form "Registration: something went wrong", that's a response from the list server).


You might try using the openssl command line client to connect to the list server, something like this (RTFM I might be a bit rusty):

 

openssl s_client -connect mumble.hive.no:443 -cert /path/to/mumble/cert.pem -key /path/to/mumble/key.pem

... and see if you get anything sane, or an error message. I'm not sure if, for example, Mumble ships with the root cert for the CA that mumble.hive.no uses, that would likely result in that message. If your cert also has a bundle, I think you need to include that as well since about OpenSSL 0.9.8 or so, they silently "fixed" that violation of SSL specs (the client must be able to validate it's own certificate before even trying to present it to the server).


Finally, if you're using a StartSSL Class 1 certificate, they (IIRC, I reserve the right to be wrong :)) don't have the TLS bit and therefore can't act as a client certificate for TLS, so there's nothing you can do but get a better cert.

Full disclosure: I used to run a commercial Mumble host, and my opinions do not reflect the opinions of the Mumble project.

Avatar is stolen from here

Link to comment
Share on other sites
titanshadow Newbie

titanshadow

Posted
  • Author
Posted

Well, since you weren't sure, I tried the test you said... I think I do have the TLS bit because I use TLS with my mail server with works with a StartSSL cert. The problem might be the chained certificates. Here is what I get...


Issuing the command:

openssl s_client -connect mumble.hive.no:443 -CAfile /root/ssl/new-cert/sub.class1.server.ca.pem -cert /root/ssl/new-cert/hal.crt -key /root/ssl/new-cert/ssl.key


Comes out with this output:

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

Server public key is 4096 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : TLSv1.2

Cipher : ECDHE-RSA-AES256-GCM-SHA384

Session-ID:

Session-ID-ctx:

Master-Key: XXXX

Key-Arg : None

PSK identity: None

PSK identity hint: None

SRP username: None

Start Time: 1449362892

Timeout : 300 (sec)

Verify return code: 0 (ok)


I'm going to try to do a few things with the SSL system here, perhaps that will work.

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...