rm -r /usr/src/asterisk*/
cd /usr/src
wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-18-current.tar.gz
tar xfz asterisk-18-current.tar.gz
rm asterisk-18-current.tar.gz
cd /usr/src/asterisk*
patch -p1 < 1-mediasec-18.11.patch
patch -p1 < 2-mediasec-18.11.patch
patch -p1 < 3-res_srtp_aes_256.diff
contrib/scripts/get_mp3_source.sh
./configure --with-pjproject-bundled --with-jansson-bundled --with-bluetooth
make menuselect.makeopts
menuselect/menuselect --enable codec_opus_open_source menuselect.makeopts
menuselect/menuselect --enable CORE-SOUNDS-EN-WAV --enable CORE-SOUNDS-EN-ULAW menuselect.makeopts
menuselect/menuselect --enable CORE-SOUNDS-EN-GSM --enable CORE-SOUNDS-EN-G722 menuselect.makeopts
menuselect/menuselect --enable EXTRA-SOUNDS-EN-WAV --enable EXTRA-SOUNDS-EN-ULAW menuselect.makeopts
menuselect/menuselect --enable EXTRA-SOUNDS-EN-GSM --enable EXTRA-SOUNDS-EN-G722 menuselect.makeopts
menuselect/menuselect --enable format_mp3 --enable chan_mobile --enable app_macro menuselect.makeopts
make
fwconsole stop
rm -r /usr/lib/asterisk/*
cd /usr/src/asterisk*
make install
rm /usr/src/asterisk*/sounds/*.tar.gz
rm /var/lib/asterisk/sounds/tmp/*
fwconsole start
fwconsole reload
pjsip trunk (endpoint):
- transport: tls (TLS 1.2)
- enable SRTP for this trunk
File pjsip.endpoint_custom_post.conf:
[your name of the trunk](+type=endpoint)
support_mediasec=1
File pjsip.registration_custom_post.conf:
[your name of the trunk](+type=registration)
support_mediasec=true
258962 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Call (TLS:217.0.27.162:5061) to extension '08xxxxxxxxxxxx' sending 100 Trying
258963 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Method is INVITE, Response is 100 Trying
258964 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx
258965 [2022-04-06 15:29:53] DEBUG[145591] netsock2.c: Splitting '217.0.27.162' into...
258966 [2022-04-06 15:29:53] DEBUG[145591] netsock2.c: ...host '217.0.27.162' and port ''.
258967 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx Event: TSX_STATE Inv State: INCOMING
258968 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Function session_inv_on_state_changed called on event TSX_STATE
258969 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The state change pertains to the endpoint 'Telekom_08xxxxxxxxxxxx()'
258970 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The inv session still has an invite_tsx (0x7f2404bd68)
258971 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: There is no transaction involved in this state change
258972 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The current inv state is INCOMING
258973 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Source of transaction state change is TX_MSG
258974 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c:
258975 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx TSX State: Proceeding Inv State: INCOMING
258976 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Function session_inv_on_tsx_state_changed called on event TSX_STATE
258977 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The state change pertains to the endpoint 'Telekom_08xxxxxxxxxxxx()'
258978 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The inv session still has an invite_tsx (0x7f2404bd68)
258979 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The UAS INVITE transaction involved in this state change is 0x7f2404bd68
258980 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The current transaction state is Proceeding
258981 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The transaction state change event is TX_MSG
258982 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: The current inv state is INCOMING
258983 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Nothing delayed
258984 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx TSX State: Proceeding Inv State: INCOMING
258985 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Topology: Pending: (null topology) Active: (null topology)
258986 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c:
258987 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Media count: 1
258988 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Processing stream 0
258989 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Using audio-0 for new stream name
258990 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Using new stream 0:audio-0:audio:sendrecv (nothing)
258991 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx Adding position 0
258992 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Creating new media session
258993 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Setting media session as default for audio
258994 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Done
258995 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Negotiating incoming SDP media stream 0:audio-0:audio:sendrecv (nothing) using audio SDP handler
258996 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_sdp_rtp.c: Telekom_08xxxxxxxxxxxx
258997 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_sdp_rtp.c: Incompatible transport
258998 [2022-04-06 15:29:53] ERROR[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Couldn't negotiate stream 0:audio-0:audio:sendrecv (nothing)
258999 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Couldn't negotiate stream 0:audio-0:audio:sendrecv (nothing)
259000 [2022-04-06 15:29:53] DEBUG[145591] res_pjsip_session.c: Telekom_08xxxxxxxxxxxx: Handled? no
rasterisk
pjsip show transport [telekom-transport]
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: telekom-transport tls 3 184 ....
ParameterName : ParameterValue
=============================================================
[...]
method : tlsv1_2
[...]
protocol : tls
pjsip show endpoint [telekom]
[...]
ParameterName : ParameterValue
===================================================================================================
[...]
allow : (alaw|ulaw)
direct_media : false
media_encryption : sdes
media_encryption_optimistic : false
support_mediasec : true
transport : telekom-transport
[...]
pjsip show registration [telekom]
<Registration/ServerURI..............................> <Auth..........> <Status.......>
==========================================================================================
telekom/sip:tel.t-online.de telekom Registered
ParameterName : ParameterValue
============================================================
[...]
support_mediasec : true
[...]
[...]
v=0
o=- 824609997613823 3845290956 IN IP4 217.0.x.y
s=-
c=IN IP4 217.0.x.y
t=0 0
m=audio 47034 RTP/SAVP 8 101
a=sendrecv
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=maxptime:20
a=3ge2ae:applied
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:oPeU...
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:A2P...
pjsip show transport 10.17.3.166-tls
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: 10.17.3.166-tls tls 3 184 10.17.3.166:5061
ParameterName : ParameterValue
===============================================================
allow_reload : false
async_operations : 1
bind : 10.17.3.166:5061
ca_list_file : /etc/ssl/certs/ca-certificates.crt
ca_list_path :
cert_file :
cipher :
cos : 3
domain :
external_media_address :
external_signaling_address :
external_signaling_port : 0
local_net : 10.17.0.0/255.255.252.0
method : tlsv1_2
password :
priv_key_file :
protocol : tls
require_client_cert : No
symmetric_transport : false
tos : 184
verify_client : No
verify_server : Yes
websocket_write_timeout : 100
pjsip show endpoint Telekom_08xxxxxxxxxxx
Endpoint: <Endpoint/CID.....................................> <State.....> <Channels.>
I/OAuth: <AuthId/UserName...........................................................>
Aor: <Aor............................................> <MaxContact>
Contact: <Aor/ContactUri..........................> <Hash....> <Status> <RTT(ms)..>
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress..................>
Identify: <Identify/Endpoint.........................................................>
Match: <criteria.........................>
Channel: <ChannelId......................................> <State.....> <Time.....>
Exten: <DialedExten...........> CLCID: <ConnectedLineCID.......>
==========================================================================================
Endpoint: Telekom_08xxxxxxxxxxx Not in use 0 of inf
OutAuth: Telekom_08xxxxxxxxxxx/+498xxxxxxxxxxx
Aor: Telekom_08xxxxxxxxxxx 0
Contact: Telekom_08xxxxxxxxxxx/sip:08xxxxxxxxxxx@tel. 6606beb2a9 Avail 15.533
Transport: 10.17.3.166-tls tls 3 184 10.17.3.166:5061
Identify: Telekom_08xxxxxxxxxxx/Telekom_08xxxxxxxxxxx
Match: 217.0.21.2/32
Match: 217.0.28.33/32
Match: 217.0.29.33/32
Match: 217.0.27.161/32
Match: 217.0.27.162/32
Match: 217.0.29.36/32
Match: 217.0.28.34/32
ParameterName : ParameterValue
===================================================================================================
100rel : yes
accept_multiple_sdp_answers : false
accountcode :
acl :
aggregate_mwi : true
allow : (g722|alaw|opus)
allow_overlap : true
allow_subscribe : true
allow_transfer : true
allow_unauthenticated_options : false
aors : Telekom_08xxxxxxxxxxx
asymmetric_rtp_codec : false
auth :
bind_rtp_to_media_address : false
bundle : false
call_group :
callerid : <unknown>
callerid_privacy : allowed_not_screened
callerid_tag :
codec_prefs_incoming_answer : prefer:pending, operation:intersect, keep:all, transcode:allow
codec_prefs_incoming_offer : prefer:pending, operation:intersect, keep:all, transcode:allow
codec_prefs_outgoing_answer : prefer:pending, operation:intersect, keep:all, transcode:allow
codec_prefs_outgoing_offer : prefer:pending, operation:union, keep:all, transcode:allow
connected_line_method : invite
contact_acl :
contact_user : 08xxxxxxxxxxx
context : from-pstn-de
cos_audio : 0
cos_video : 0
device_state_busy_at : 0
direct_media : false
direct_media_glare_mitigation : none
direct_media_method : invite
disable_direct_media_on_nat : false
dtls_auto_generate_cert : No
dtls_ca_file :
dtls_ca_path :
dtls_cert_file :
dtls_cipher :
dtls_fingerprint : SHA-256
dtls_private_key :
dtls_rekey : 0
dtls_setup : active
dtls_verify : No
dtmf_mode : rfc4733
fax_detect : false
fax_detect_timeout : 0
follow_early_media_fork : true
force_avp : false
force_rport : true
from_domain : tel.t-online.de
from_user : 08xxxxxxxxxxx
g726_non_standard : false
ice_support : false
identify_by : username,ip
ignore_183_without_sdp : false
inband_progress : false
incoming_call_offer_pref : local
incoming_mwi_mailbox :
language : de
mailboxes :
max_audio_streams : 1
max_video_streams : 1
media_address :
media_encryption : sdes
media_encryption_optimistic : false
media_use_received_transport : false
message_context :
moh_passthrough : false
moh_suggest : default
mwi_from_user :
mwi_subscribe_replaces_unsolicited : no
named_call_group :
named_pickup_group :
notify_early_inuse_ringing : false
one_touch_recording : false
outbound_auth : Telekom_08xxxxxxxxxxx
outbound_proxy :
outgoing_call_offer_pref : remote_merge
pickup_group :
preferred_codec_only : false
record_off_feature : automixmon
record_on_feature : automixmon
refer_blind_progress : true
rewrite_contact : true
rpid_immediate : false
rtcp_mux : false
rtp_engine : asterisk
rtp_ipv6 : false
rtp_keepalive : 0
rtp_symmetric : true
rtp_timeout : 0
rtp_timeout_hold : 0
sdp_owner : -
sdp_session : Asterisk
send_connected_line : no
send_diversion : true
send_history_info : false
send_pai : false
send_rpid : false
set_var :
srtp_tag_32 : false
stir_shaken : off
sub_min_expiry : 0
subscribe_context :
support_mediasec : true
suppress_q850_reason_headers : false
t38_bind_udptl_to_media_address : false
t38_udptl : false
t38_udptl_ec : none
t38_udptl_ipv6 : false
t38_udptl_maxdatagram : 0
t38_udptl_nat : false
timers : yes
timers_min_se : 90
timers_sess_expires : 1800
tone_zone :
tos_audio : 184
tos_video : 0
transport : 10.17.3.166-tls
trust_connected_line : yes
trust_id_inbound : false
trust_id_outbound : false
use_avpf : false
use_ptime : false
user_eq_phone : false
voicemail_extension :
webrtc : no
[2022-04-06 20:09:37] VERBOSE[75672] res_pjsip_logger.c: <--- Received SIP request (1917 bytes) from TLS:217.0.27.163:5061 --->
319949 INVITE sip:[email protected]:5061;transport=tcp;line=srmqzse SIP/2.0
319950 Max-Forwards: 60
319951 Via: SIP/2.0/TLS 217.0.27.163:5061;branch=z9hG4bKg3Zqkv7iz6cpvy2ebubt5txkz2235ks5c
319952 To: <sip:[email protected];user=phone>
319953 From: <sip:[email protected];user=phone>;tag=h7g4Esbg_p65554t1649268577m551849c45900s1_1135908240-276052959
319954 Call-ID: p65554t1649268577m551849c45900s2
319955 CSeq: 1 INVITE
319956 Contact: <sip:[email protected]:5061;transport=tls>;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"
319957 Record-Route: <sip:217.0.27.163:5061;transport=tls;lr>
319958 Accept-Contact: *;+g.3gpp.icsi-ref="urn%3Aurn-7%3A3gpp-service.ims.icsi.mmtel"
319959 Min-Se: 900
319960 P-Asserted-Identity: <sip:[email protected]>
319961 P-Asserted-Identity: <tel:+4917xxxxxxxxxxx>
319962 Session-Expires: 1800
319963 Supported: timer
319964 Supported: path
319965 Supported: replaces
319966 Supported: 100rel
319967 User-Agent: iOS/15.4.1 iPhone
319968 Content-Type: application/sdp
319969 Content-Length: 815
319970 Session-ID: c4044f69e42d0901a92f03ae74eb80fb
319971 Allow: REGISTER, REFER, NOTIFY, SUBSCRIBE, UPDATE, PRACK, MESSAGE, INFO, INVITE, ACK, OPTIONS, CANCEL, BYE
319972
319973 v=0
319974 o=- 824634288785969 113590793 IN IP4 217.0.27.163
319975 s=-
319976 c=IN IP4 217.0.134.71
319977 t=0 0
319978 a=sendrecv
319979 m=audio 7456 RTP/AVP 109 104 110 9 102 108 8 0 105 100
319980 a=sendrecv
319981 a=rtpmap:109 EVS/16000
319982 a=rtpmap:104 AMR-WB/16000
319983 a=rtpmap:110 AMR-WB/16000
319984 a=rtpmap:9 G722/8000
319985 a=rtpmap:102 AMR/8000
319986 a=rtpmap:108 AMR/8000
319987 a=rtpmap:8 PCMA/8000
319988 a=rtpmap:0 PCMU/8000
319989 a=rtpmap:105 telephone-event/16000
319990 a=rtpmap:100 telephone-event/8000
319991 a=fmtp:109 max-red=0; br=5.9-24.4; bw=nb-swb; cmr=1; ch-aw-recv=-1
319992 a=fmtp:104 mode-set=0,1,2; mode-change-capability=2; max-red=0
319993 a=fmtp:110 octet-align=1; mode-set=0,1,2; mode-change-capability=2; max-red=0
319994 a=fmtp:102 mode-change-capability=2; max-red=0
319995 a=fmtp:108 octet-align=1; mode-change-capability=2; max-red=0
319996 a=fmtp:105 0-15
319997 a=fmtp:100 0-15
319998 a=maxptime:40
319999 a=ptime:20
[...]
v=0
o=- 824609997613823 3845290956 IN IP4 217.0.x.y
s=-
c=IN IP4 217.0.x.y
t=0 0
m=audio 47034 RTP/SAVP 8 101
a=sendrecv
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=maxptime:20
a=3ge2ae:applied
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:oPeU...
a=crypto:2 AES_CM_128_HMAC_SHA1_32 inline:A2P...
Der muss schon die richtigen ziehen, weil ja die mediasec-Erweiterung aus dem Patch in der Konfig-Ausgabe enthalten sind (zumindest beim Endpoint habe ich sie gesehen - Registierungs-Output steht ja noch aus - hatte ich vergessen ursprünglich).kannst du denn verifizieren, dass FreePBX bzw. dein System tatsächlich die von dir gebaute Asterisk Binaries und Libs benutzt und nicht noch *irgendwo* die ursprünglichen rumkullern?
pjsip show registration Telekom_08xxxxxxxxxxx
<Registration/ServerURI..............................> <Auth..........> <Status.......>
==========================================================================================
Telekom_08xxxxxxxxxxx/sip:tel.t-online.de Telekom_08xxxxxxxxxxx Registered
ParameterName : ParameterValue
===========================================================
auth_rejection_permanent : true
client_uri : sip:[email protected]
contact_header_params :
contact_user : 08xxxxxxxxxxx
endpoint : Telekom_08xxxxxxxxxxx
expiration : 660
fatal_retry_interval : 0
forbidden_retry_interval : 10
line : true
max_retries : 10000
outbound_auth : Telekom_08xxxxxxxxxxx
outbound_proxy :
retry_interval : 60
server_uri : sip:tel.t-online.de
support_mediasec : false
support_outbound : no
support_path : false
transport : 10.17.3.166-tls
[Telekom_08xxxxxxxxxx]](+type=registration)
support_mediasec=true
[Edit Novize: Überflüssiges Fullquote gelöscht - siehe Forumsregeln]
Das sieht ja alles erstmal ganz ok aus. Offensichtlich zieht die Einstellung in pjsip.registration_custom_post.conf nicht. Wird die pjsip.registration_custom_post.conf überhaupt angezogen? Da Du ja kein original-FreePBX verwendest, könnte das das Problem sein:In meiner pjsip.registration_custom_post.conf steht
pjsip.conf:#include pjsip.registration_custom_post.conf
;--------------------------------------------------------------------------------;
; Do NOT edit this file as it is auto-generated by FreePBX. ;
;--------------------------------------------------------------------------------;
; For information on adding additional paramaters to this file, please visit the ;
; FreePBX.org wiki page, or ask on IRC. This file was created by the new FreePBX ;
; BMO - Big Module Object. Any similarity in naming with BMO from Adventure Time ;
; is totally deliberate. ;
;--------------------------------------------------------------------------------;
#include pjsip_custom.conf
#include pjsip.transports.conf
#include pjsip.transports_custom_post.conf
#include pjsip.endpoint.conf
#include pjsip.endpoint_custom_post.conf
#include pjsip.aor.conf
#include pjsip.aor_custom_post.conf
#include pjsip.auth.conf
#include pjsip.auth_custom_post.conf
#include pjsip.registration.conf
#include pjsip.registration_custom_post.conf
#include pjsip.identify.conf
#include pjsip.identify_custom_post.conf
pjsip send unregister *all
No response received from 'sip:tel.t-online.de' on registration attempt to 'sip:[email protected]'
#pjsip show transport transport-tls
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress....................>
==========================================================================================
Transport: transport-tls tls 3 184 0.0.0.0:5061
ParameterName : ParameterValue
============================================================
allow_reload : false
async_operations : 1
bind : 0.0.0.0:5061
ca_list_file : /etc/asterisk/keys/ca.crt
ca_list_path :
cert_file : /etc/asterisk/keys/asterisk.crt
cipher :
cos : 3
domain :
external_media_address :
external_signaling_address :
external_signaling_port : 0
local_net :
method : tlsv1_2
password :
priv_key_file : /etc/asterisk/keys/asterisk.key
protocol : tls
require_client_cert : No
symmetric_transport : false
tos : 184
verify_client : No
verify_server : Yes
websocket_write_timeout : 100
<--- Transmitting SIP request (727 bytes) to TLS:217.0.139.xxx:5061 --->
REGISTER sip:tel.t-online.de SIP/2.0
Via: SIP/2.0/TLS 10.0.0.1:5061;rport;branch=z9hG4bKPjd59fe02f-4f81-46fd-8316-81d0e568eec9;alias
From: <sip:[email protected]>;tag=0d68932d-ab3a-4aff-b8fe-49c3fcd81920
To: <sip:[email protected]>
Call-ID: 162a1a4f-6bba-42fa-a111-fcde9f759cc0
CSeq: 30994 REGISTER
Contact: <sip:[email protected]:5061;transport=TLS;line=hawwood>
Expires: 600
Allow: OPTIONS, REGISTER, SUBSCRIBE, NOTIFY, PUBLISH, INVITE, ACK, BYE, CANCEL, UPDATE, PRACK, REFER, MESSAGE
Security-Client: sdes-srtp;mediasec
Proxy-Require: mediasec
Require: mediasec
Max-Forwards: 70
User-Agent: Asterisk/V.18.11.3 (PBX)
Content-Length: 0
# openssl s_client --connect xxx000-000-xxx-xx-xx-001-ttls.edns.t-ipnet.de:5061
CONNECTED(00000003)
depth=2 C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
verify return:1
depth=1 C = DE, O = T-Systems International GmbH, OU = T-Systems Trust Center, ST = Nordrhein Westfalen, postalCode = 57250, L = Netphen, street = Untere Industriestr. 20, CN = TeleSec ServerPass Class 2 CA
verify return:1
depth=0 C = DE, O = Deutsche Telekom AG, ST = Hessen, L = Darmstadt, CN = tel.t-online.de
verify return:1
---
Certificate chain
0 s:C = DE, O = Deutsche Telekom AG, ST = Hessen, L = Darmstadt, CN = tel.t-online.de
i:C = DE, O = T-Systems International GmbH, OU = T-Systems Trust Center, ST = Nordrhein Westfalen, postalCode = 57250, L = Netphen, street = Untere Industriestr. 20, CN = TeleSec ServerPass Class 2 CA
1 s:C = DE, O = T-Systems International GmbH, OU = T-Systems Trust Center, ST = Nordrhein Westfalen, postalCode = 57250, L = Netphen, street = Untere Industriestr. 20, CN = TeleSec ServerPass Class 2 CA
i:C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIJ5jCCCM6gAwIBAgIQJYy+zMQfKhdB7wEfTUfUEDANBgkqhkiG9w0BAQsFADCB
3zELMAkGA1UEBhMCREUxJTAjBgNVBAoMHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFs
IEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxHDAaBgNVBAgM
E05vcmRyaGVpbiBXZXN0ZmFsZW4xDjAMBgNVBBEMBTU3MjUwMRAwDgYDVQQHDAdO
ZXRwaGVuMSAwHgYDVQQJDBdVbnRlcmUgSW5kdXN0cmllc3RyLiAyMDEmMCQGA1UE
AwwdVGVsZVNlYyBTZXJ2ZXJQYXNzIENsYXNzIDIgQ0EwHhcNMjIwNjIyMDgxMzU2
WhcNMjMwNjI2MjM1OTU5WjBqMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNj
aGUgVGVsZWtvbSBBRzEPMA0GA1UECBMGSGVzc2VuMRIwEAYDVQQHEwlEYXJtc3Rh
ZHQxGDAWBgNVBAMTD3RlbC50LW9ubGluZS5kZTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAONyg8VAY61IgcB884jYngzHr/Eay9A8YVm2ZCKPEGYmuAX2
VmNIODMKMZ8tQbQLsS70IiraOsamvMxys03OY9/ZjWVxxR89/0uPeB+57AL3aBan
fQ4wZtJmomPEPvn6N6bSpGtY7+4Mg4vP5wGHQ4vIySKobSifTg7vUo1xOxe4+kXc
/D7zEeuYReldYYJjaPhkJcEHGkMUxfaRBfL6EiTFK2J3+LccJd1f2V1+9ykXEZEC
kucObyh9RYqVnzcbrTcS22jA45LirKUK3Dpm3F0bWfHvr7U+MAJuUdX5svnx1aHm
8vhM1o1JzcUyIoCL39k1Z9aEdn6Cdy0BQIRJGTGPZtcZcM/52XuNPTog6p5YkhRo
RXtwX9quOOXdaIOsfsidRlzoi/Wy4zcvF+h8/5XVDSzv5k9QBzbZQSo0I9lVQIIr
NsVBk1i1z1mKSGp2KX7GscSSNpFdbDkKIz/ks5xv5+m7ViJe/V7N71FABgYfAdQu
dQ8IoOTWgLxnxQtJt2Exikc77Pjzsr/Tmt9oET1KIBrC1jO7rg+vuedBRTZYceTj
oqik/2DhS5LuZNHq/RNa+y00q4IdPw2CmsTbmJyejX0IlD4bgIOQZwzLT4D+7RZY
PijemVUSohqphoq9/Oo9VPseIdnQUut+FHcxTSB6J+IZjXxvJZFFeV/ZHKFPAgMB
AAGjggUQMIIFDDAfBgNVHSMEGDAWgBSUyHRG9Tq0Rkgm+CvKNB5WJgQSADAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMB0GA1Ud
DgQWBBRD5WqrWbgQkDpa2fLqCcGnMQqRBDBlBgNVHSAEXjBcMFAGCisGAQQBvUcN
FwEwQjBABggrBgEFBQcCARY0aHR0cDovL2RvY3Muc2VydmVycGFzcy50ZWxlc2Vj
LmRlL2Nwcy9zZXJ2ZXJwYXNzLmh0bTAIBgZngQwBAgIwSwYDVR0fBEQwQjBAoD6g
PIY6aHR0cDovL2NybC5zZXJ2ZXJwYXNzLnRlbGVzZWMuZGUvcmwvU2VydmVyUGFz
c19DbGFzc18yLmNybDCBmQYIKwYBBQUHAQEEgYwwgYkwMwYIKwYBBQUHMAGGJ2h0
dHA6Ly9vY3NwLnNlcnZlcnBhc3MudGVsZXNlYy5kZS9vY3NwcjBSBggrBgEFBQcw
AoZGaHR0cDovL2NybC5zZXJ2ZXJwYXNzLnRlbGVzZWMuZGUvY3J0L1RlbGVTZWNf
U2VydmVyUGFzc19DbGFzc18yX0NBLmNlcjAMBgNVHRMBAf8EAjAAMFAGA1UdEQRJ
MEeCD3RlbC50LW9ubGluZS5kZYIYKi5wcmltYXJ5LmNvbXBhbnlmbGV4LmRlghoq
LnNlY29uZGFyeS5jb21wYW55ZmxleC5kZTCCAukGCisGAQQB1nkCBAIEggLZBIIC
1QLTAHcArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooAAAGBinmm/wAA
BAMASDBGAiEA97+yyC/X19yosljkFA/Wg0oMotrwa1mCH/NzEQ8AbBMCIQDHTQ6N
gbs2Up/iQHrLG7qjozfHl9uUls0BXm26bid4NAB3AG9Tdqwx8DEZ2JkApFEV/3cV
HBHZAsEAKQaNsgiaN9kTAAABgYp5pzcAAAQDAEgwRgIhAO13j+CIf5BBDNUbqvx5
ToiTWXq/ObkEoUoZ9rgqeLNjAiEAspozI1zQ+gNIvCMrQ/rkg6S5Mlly43usbWt/
+TPb9PYAdQB6MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYGKeadY
AAAEAwBGMEQCIC3+8d4JXAWZ8DRsWcC3sX/rhfihee3TffTk5eGDBiviAiAY3Z6/
0SOg5Sf1GaH+yTsAhhEQ2IunnZTV+i6+Y5AFJAB3AOg+0No+9QY1MudXKLyJa8kD
08vREWvs62nhd31tBr1uAAABgYp5pzsAAAQDAEgwRgIhAPXfdEabradjXtYzP/1D
m97TgZPRG+UGbSblQRngvyfiAiEAwp2N9+XMepWNGx10wSvYQ7qczhHZyp1OEiLG
spgzTzAAdwCzc3cH4YRQ+GOG1gWp3BEJSnktsWcMC4fc8AMOeTalmgAAAYGKeagJ
AAAEAwBIMEYCIQCLo+rKyNn0fwxd0k7pZTAcyTghQXtjcFJluD4gNE5OLgIhAPOl
MoLeRaR/Xn2ydIyERuD9hMFlVVCam7K5muwm2DoYAHYAVYHUwhaQNgFK6gubVzxT
8MDkOHhwJQgXL6OqHQcT0wwAAAGBinmoJgAABAMARzBFAiBfd9JlZF1EihEXzf9O
SZLEPjgJGNfOpK5PsltDw6W74gIhALEKcJTDF54ymvSPfSl9Ep6a6MBVzgaDwRJJ
u6Ksz0w/MA0GCSqGSIb3DQEBCwUAA4IBAQAgf4js4OtqU3VLgqKRA2NYlM1JSJQv
+5BMz1FPPTXtrFFDm2Z7q4Y4xgltFBXXvPc9ZIPcYllljKSGNbSnuOBxzd1b7wBC
qulZV30icT+tS3Cqrnaodl91nmEtb1QQtVggUVTqKTj0FioQXrFv5ZOomA8yvET0
UMz88UfAO3gooVqMEbHQX5ibT7yopWM40p+XIfKSKjNO+ME5JnOVrodsuLfcRYts
IAEUg5frrRglIUQbS/zsXhEZ7uA38FEo/bZkgLp8dNK349MyEtRrJfEb2Jzix8W9
VF7uyP3penug9FfoiDceUDXjoSc1PHUc/Ua3/3dAx/FRF8E7Z1K87dp3
-----END CERTIFICATE-----
subject=C = DE, O = Deutsche Telekom AG, ST = Hessen, L = Darmstadt, CN = tel.t-online.de
issuer=C = DE, O = T-Systems International GmbH, OU = T-Systems Trust Center, ST = Nordrhein Westfalen, postalCode = 57250, L = Netphen, street = Untere Industriestr. 20, CN = TeleSec ServerPass Class 2 CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4898 bytes and written 440 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: F133EAEABD250C7552CA56C6AA12DC...
Session-ID-ctx:
Master-Key: EB1AD4D2F6BD267E1A926EEDE08715E25FE713AA721C73C...
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 06 e0 f1 7c 53 02 c0 92-fa 67 51 ed 0c da 3f 46 ...|S....gQ...?F
0010 - 5d e6 98 3e 27 58 1e b2-30 7d 71 33 4d 0c 43 51 ]..>'X..0}q3M.CQ
0020 - 0e 2b 18 3d 42 a2 29 ee-65 33 84 ab 46 6e 12 b1 .+.=B.).e3..Fn..
0030 - 31 b0 34 72 aa 37 8d 7b-a8 58 c0 69 90 49 5c 8c 1.4r.7.{.X.i.I\.
0040 - a5 f8 3d 65 5f 25 a8 be-00 96 61 32 de 8c b0 a8 ..=e_%....a2....
0050 - 68 cd a0 6a 2e 90 a7 17-1f ae 68 34 9b 28 ab 2f h..j......h4.(./
0060 - da 82 8f be 2d 34 f0 97-f4 5b e0 5c 63 ed e3 d0 ....-4...[.\c...
0070 - 1e 66 a0 84 23 c2 55 73-07 c2 83 8b c2 fe 44 91 .f..#.Us......D.
0080 - cd 27 2d 29 18 d8 1d e0-e6 22 55 34 c2 11 e4 ed .'-)....."U4....
0090 - 1c 9e 28 4a ea 4d 4c b9-51 fa 51 0f 54 09 6d de ..(J.ML.Q.Q.T.m.
Start Time: 1658312370
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---