element-hq / riot-android

A glossy Matrix collaboration client for Android
Apache License 2.0

Check version of TLS used by Riot Android #2834

Open bmarty opened 5 years ago

bmarty commented 5 years ago

Reported by RS: https://github.com/matrix-org/riot-android-rageshakes/issues/3512

Android client uses tls3.1 for voice chats (tls3.3 for texts) whilst ios uses tls3.3 for both. This is a problem because 3.1 is vulnerable.

argo-uln commented 5 years ago

Good day! I connected to the matrix network with the Riot Android V0.8.21 (Gb 161) client. I ran tcpdump on the gateway. I am attaching part of the ssldump log. I want to check the TLS version when making a voice call. The Android client has negotiated with the server on TLSv1.0. Cipher 0xc014 (TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) was selected. Then the connection was reset altogether. Server homonoia.matrix.org has an expired certificate. I also ran tests on my Synapse server: Ubuntu 18.04.1 LTS, Matrix-synapse Version: 0.34.0.1-0matrix1, Coturn Version: 4.5.0.8-1. With the iOS client, the connection when carrying a voice call is established with TLSv1.2. With the Android client, the connection is TLSv1.0.

    ssldump -i bge0 -A host 192.168.150.69
    New TCP connection #1: 192.168.150.69(52621) <-> homonoia.matrix.org(443)
    New TCP connection #2: 192.168.150.69(47649) <-> homonoia.matrix.org(3478)
    1 1  0.0688 (0.0688)  C>SV3.1(94)  Handshake
          ClientHello
            Version 3.1
            random[32]=
              9d 5c 48 b5 ee bb c2 72 d4 d8 aa 27 d0 33 01 ed
              e5 1a a7 b0 8d a3 03 ec 24 ff db e7 ee ac 92 fb
            cipher suites
            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA
            TLS_RSA_WITH_AES_256_CBC_SHA
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            TLS_RSA_WITH_3DES_EDE_CBC_SHA
            compression methods
                      NULL
    1 2  0.1285 (0.0597)  S>CV3.1(61)  Handshake
          ServerHello
            Version 3.1
            random[32]=
              77 a9 2c bb 41 23 8b f4 ce 5e c2 27 5b a9 32 e2
              31 3c de b4 1b d2 39 74 3c e4 df e5 62 95 e6 ff
            session_id[0]=

            cipherSuite         TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
            compressionMethod                   NULL
    1 3  0.1286 (0.0000)  S>CV3.1(2151)  Handshake
          Certificate
    1 4  0.1286 (0.0000)  S>CV3.1(331)  Handshake
          ServerKeyExchange
    1 5  0.1286 (0.0000)  S>CV3.1(4)  Handshake
          ServerHelloDone
    1 6  0.1397 (0.0111)  C>SV3.1(2)  Alert
        level           fatal
        value           certificate_expired
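The ssldump trace above reads the offered and negotiated version straight off the ClientHello and ServerHello. The Python decoder below is an added example, not code from the riot-android project or from anyone in this thread: it parses raw handshake records the same way and applies a minimal policy check (offered version at least TLS 1.2, no CBC-SHA or 3DES suites, no TLS compression). The sample records are constructed to mirror the log, a TLS 1.0 ClientHello with the same nine cipher suites and a ServerHello selecting 0xc014; the zero-filled random fields and the absence of extensions are simplifications. Because TLS 1.3 carries its version in the supported_versions extension, which this decoder does not parse, the check applies to TLS 1.2-and-earlier offers, which is what the trace shows.

```python
"""Decode TLS ClientHello/ServerHello records and flag legacy negotiation.

Added example for the riot-android TLS version issue; not project code.
Sample records are constructed to mirror the ssldump log in the thread.
"""
import struct

# IANA cipher suite ids (subset) -> names as ssldump prints them
SUITE_NAMES = {
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC009: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
# Wire version -> name; ssldump prints the wire value ("3.1" == TLSv1.0)
VERSION_NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0",
                 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def build_client_hello(version, suites, random=bytes(32)):
    """Construct a minimal TLS record carrying a ClientHello (no extensions).
    The all-zero random is a constructed placeholder, not a real client value."""
    body = struct.pack("!H", version) + random + b"\x00"        # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                          # compression methods: NULL only
    hs = b"\x01" + len(body).to_bytes(3, "big") + body           # HandshakeType client_hello(1)
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(hs)) + hs


def build_server_hello(version, suite, random=bytes(32)):
    """Construct a minimal TLS record carrying a ServerHello (no extensions)."""
    body = struct.pack("!H", version) + random + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body           # HandshakeType server_hello(2)
    return b"\x16" + struct.pack("!H", version) + struct.pack("!H", len(hs)) + hs


def _handshake_body(record, expected_type):
    """Validate record/handshake framing and return the handshake body bytes."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != expected_type:
        raise ValueError("unexpected handshake message type")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake message")
    return body


def parse_client_hello(record):
    """Return (offered_version, [cipher suite ids], [compression methods])."""
    body = _handshake_body(record, 0x01)
    version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32                                                 # skip random
    pos += 1 + body[pos]                                         # skip session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = body[pos]
    comps = list(body[pos + 1:pos + 1 + comp_len])
    return version, suites, comps


def parse_server_hello(record):
    """Return (negotiated_version, selected cipher suite id)."""
    body = _handshake_body(record, 0x02)
    version = struct.unpack("!H", body[0:2])[0]
    pos = 2 + 32 + 1 + body[2 + 32]                              # skip random and session id
    return version, struct.unpack("!H", body[pos:pos + 2])[0]


def check_offer(record, min_version=0x0303):
    """Policy check on a ClientHello: returns (version name, list of findings)."""
    version, suites, comps = parse_client_hello(record)
    findings = []
    if version < min_version:
        findings.append("offered max version %s below %s"
                        % (VERSION_NAMES.get(version, hex(version)), VERSION_NAMES[min_version]))
    for s in suites:
        name = SUITE_NAMES.get(s, "0x%04X" % s)
        if "3DES" in name or name.endswith("_CBC_SHA"):          # SHA-1 CBC suites, 3DES
            findings.append("legacy cipher suite " + name)
    if any(c != 0 for c in comps):
        findings.append("non-NULL TLS compression offered")
    return VERSION_NAMES.get(version, hex(version)), findings


# Constructed samples mirroring the thread's ssldump log
LOG_SUITES = [0xC00A, 0xC014, 0x0039, 0x0035, 0xC009, 0xC013, 0x0033, 0x002F, 0x000A]
SAMPLE_CLIENT_HELLO = build_client_hello(0x0301, LOG_SUITES)
SAMPLE_SERVER_HELLO = build_server_hello(0x0301, 0xC014)
MODERN_CLIENT_HELLO = build_client_hello(0x0303, [0xC02F])

if __name__ == "__main__":
    print(check_offer(SAMPLE_CLIENT_HELLO))
    ver, suite = parse_server_hello(SAMPLE_SERVER_HELLO)
    print("negotiated", VERSION_NAMES[ver], SUITE_NAMES[suite])
```

Run against the constructed records the checker reports TLSv1.0 plus nine legacy-suite findings for the log-like offer and nothing for the TLS 1.2 GCM offer, and the ServerHello decodes to TLSv1.0 with 0xc014, the same pair ssldump printed. On a live capture, feed it the first record of each TCP stream (pyshark or a pcap parser can extract those); the offered version tells you what the client is willing to speak, the ServerHello what the server actually picked, and both are needed to attribute a TLSv1.0 session to the client or the server.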

hrj commented 5 years ago

One easy way to test the security of the client: