Hi, I have a snom 821 with the current latest firmware, configured to get its settings (setting_server) via an httpS url. After setting the URL and rebooting, it works fine. But after every X seconds of refresh, there are errors in the logs showing that the phone requested the default https site (eg: https://1.2.3.4) on the server, and gets an invalid/self-signed certificate error, (instead of requesting the virtual host with the 'real' signed certificate https://sub.domain.com) The only thing I can think of, is that the phone http client requesting the settings from the setting_server doesn't support SNI (ssl server name indication), and thus fails to request the correct site, resulting in a failed certificate check - which is correct as the default https site has a self signed certificate. If this is the case, could you please confirm that you intend to correct this in a future firmware release? Thank you
Best Answer
J
Jan Boguslawski
said
over 2 years ago
Hi Robert,
please note, the implementation of SNI support is currently "in the works".
We like to share with you a testing version in advance (no productive use please! ) for your verification:
Your feedback regarding the SNI support is much appreciated!
Thanks and greetings from Berlin,
Jan
R
Robert Fitzjohn
said
over 2 years ago
Hi Jan, sorry I haven't had time to try out the new firmware and I probably won't have the opportunity until late Sept.. I will follow up once I get the chance to try it (and reconfigure the web site). Thanks for confirming my suspicions though Regards RF.
M
Matthias van der Heide
said
over 1 year ago
Hi Jan, is SNI available in firmwares that have been released in the past year?
We are looking for SNI support in Snom 300, 320, 710/720 and the D7xx series. I couldn't find any mention about it in the changelog.
J
Jan Boguslawski
said
over 1 year ago
Hello Matthias,
please note that SNI support was implemented in models / FW with OpenSSL support. As the legacy Snom 3xx and PA1 cannot support OpenSSL, it will not become available for such. Due to hardware limitation such legacy models use our own Snom TLS stack, instead of OpenSSL.
For Snom 710/720 and D7xx and the new D3xx series you will find it supported in current Release 8.9.3.60: http://wiki.snom.com/Firmware/V8_9_3_60 from May 2017.
Robert Fitzjohn
Hi,
I have a snom 821 with the current latest firmware, configured to get its settings (setting_server) via an httpS url.
After setting the URL and rebooting, it works fine.
But after every X seconds of refresh, there are errors in the logs showing that the phone requested the default https site (eg: https://1.2.3.4) on the server, and gets an invalid/self-signed certificate error, (instead of requesting the virtual host with the 'real' signed certificate https://sub.domain.com)
The only thing I can think of, is that the phone http client requesting the settings from the setting_server doesn't support SNI (ssl server name indication), and thus fails to request the correct site, resulting in a failed certificate check - which is correct as the default https site has a self signed certificate.
If this is the case, could you please confirm that you intend to correct this in a future firmware release?
Thank you
Hi Robert,
please note, the implementation of SNI support is currently "in the works".
We like to share with you a testing version in advance (no productive use please! ) for your verification:
http://downloads.snom.com/fw/misc/sni-beta/snom821-8.7.5.201607192208-SIP-r.bin
Your feedback regarding the SNI support is much appreciated!
Thanks and greetings from Berlin,
Jan
- Oldest First
- Popular
- Newest First
Sorted by Oldest FirstJan Boguslawski
Hi Robert,
please note, the implementation of SNI support is currently "in the works".
We like to share with you a testing version in advance (no productive use please! ) for your verification:
http://downloads.snom.com/fw/misc/sni-beta/snom821-8.7.5.201607192208-SIP-r.bin
Your feedback regarding the SNI support is much appreciated!
Thanks and greetings from Berlin,
Jan
Robert Fitzjohn
sorry I haven't had time to try out the new firmware and I probably won't have the opportunity until late Sept..
I will follow up once I get the chance to try it (and reconfigure the web site).
Thanks for confirming my suspicions though
Regards
RF.
Matthias van der Heide
Hi Jan, is SNI available in firmwares that have been released in the past year?
We are looking for SNI support in Snom 300, 320, 710/720 and the D7xx series. I couldn't find any mention about it in the changelog.
Jan Boguslawski
Hello Matthias,
please note that SNI support was implemented in models / FW with OpenSSL support. As the legacy Snom 3xx and PA1 cannot support OpenSSL, it will not become available for such. Due to hardware limitation such legacy models use our own Snom TLS stack, instead of OpenSSL.
For Snom 710/720 and D7xx and the new D3xx series you will find it supported in current Release 8.9.3.60: http://wiki.snom.com/Firmware/V8_9_3_60 from May 2017.
Thanks and greetings from Berlin,
Jan
-
LDAP and country code
-
Settings are changed when user logs on
-
USB Bluetooth compatibility for D725
-
Low volume with Plantronics Headset
-
Change Log for FW 8.8.3.32
-
Subscriptions failing after time since upgrade to 8.7.5.28
-
SNOM 870 - INBAND DTMF
-
SNOM 320 + Headset Plantronics CS540A with Snom EHS
-
Configure Settings - Set all to Read Only
-
Can't enter "+" sign in directory via WUI
See all 496 topics