How can we help you today?
Start a new topic
Answered

SNI support in snom 821 web client requests?

(posted second time due to error on 1st post)

Hi,
I have a snom 821 with the current latest firmware, configured to get its settings (setting_server) via an httpS url.
After setting the URL and rebooting, it works fine.
But after every X seconds of refresh, there are errors in the logs showing that the phone requested the default https site (eg: https://1.2.3.4) on the server, and gets an invalid/self-signed certificate error, (instead of requesting the virtual host with the 'real' signed certificate https://sub.domain.com)
The only thing I can think of, is that the phone http client requesting the settings from the setting_server doesn't support SNI (ssl server name indication), and thus fails to request the correct site,  resulting in a failed certificate check - which is correct as the default https site has a self signed certificate.
If this is the case, could you please confirm that you intend to correct this in a future firmware release?
Thank you

 


Best Answer

Hi Robert,


please note, the implementation of SNI support is currently "in the works".


We like to share with you a testing version in advance (no productive use please! ) for your verification:


http://downloads.snom.com/fw/misc/sni-beta/snom821-8.7.5.201607192208-SIP-r.bin


Your feedback regarding the SNI support is much appreciated!


Thanks and greetings from Berlin,

Jan


Answer

Hi Robert,


please note, the implementation of SNI support is currently "in the works".


We like to share with you a testing version in advance (no productive use please! ) for your verification:


http://downloads.snom.com/fw/misc/sni-beta/snom821-8.7.5.201607192208-SIP-r.bin


Your feedback regarding the SNI support is much appreciated!


Thanks and greetings from Berlin,

Jan

Hi Jan,
sorry I haven't had time to try out the new firmware and I probably won't have the opportunity until late Sept..
I will follow up once I get the chance to try it (and reconfigure the web site).
Thanks for confirming my suspicions though
Regards
RF.

 

Hi Jan, is SNI available in firmwares that have been released in the past year?

We are looking for SNI support in Snom 300, 320, 710/720 and the D7xx series. I couldn't find any mention about it in the changelog.

Hello Matthias,


please note that SNI support was implemented in models / FW with OpenSSL support. As the legacy Snom 3xx and PA1 cannot support OpenSSL, it will not become available for such. Due to hardware limitation such legacy models use our own Snom TLS stack, instead of OpenSSL.


For Snom 710/720 and D7xx and the new D3xx series you will find it supported in current Release 8.9.3.60: http://wiki.snom.com/Firmware/V8_9_3_60 from May 2017.


Thanks and greetings from Berlin,

Jan

Login or Signup to post a comment