0 votes
420 views 6 comments
by anonymous

Hi,

On RUT240 (RUT2XX_R_00.01.14), the SMS2Email service uses explicit TLS1 in the openssl s_connect command.

TLS1 and TLS1.1 are deprecated. Is there a way to remove this option from the openssl command? If it is missing, openssl will negotiate the mutually supported protocol version.

My servers support only TLS1.2 and TLS1.3 versions.

Not tested on other devices, but RUTX11 seems to work.

    15536 root      3656 S    /sbin/sms_utils/sms_utils -r 7
    15575 root      1528 S    sendmail -H exec openssl s_client -quiet -connect fire.hudecof.net:465 -tls1 -starttls smtp -f sms@apps.hudecof
    15576 root      3860 S    openssl s_client -quiet -connect fire.hudecof.net:465 -tls1 -starttls smtp

   regards

      Peter Hudec

by anonymous

Found it in at least 2 places:

  • /usr/sbin/eventslog_report.sh, shell script, could be fixed
  • /usr/sbin/messaged, binary, needs to be recompiled

The sms2email service seems to use the binary, so I need to wait for new firmware ;(
by anonymous

Same issue with RUT955

Seems all the devices based on the SDK have this issue

https://wiki.teltonika-networks.com/view/Software_Development_Kit

by anonymous

For RUTX11 the hardcoded TLS is TLS1.2.

I do not understand why you force this setting.

Would it be possible to remove this option or to add a configuration switch to the UI?

  regards

     Peter Hudec

1 Answer

0 votes
by anonymous
Hello,

If you want to do some custom development in the master firmware, you can do it with the SDK provided:

https://wiki.teltonika-networks.com/view/Software_Development_Kit

For SDK guide:

https://wiki.teltonika-networks.com/view/RUTX_Software_Development_Kit_instructions

If you think it is not your area to make changes in the SDK, you can contact your sales manager for this custom development.

Thank you.

Regards,

Ahmed
by anonymous

Hi Ahmed,

This is not about custom development. From my point of view this is a BUG that needs to be fixed.

TLS1 and TLS1.1 are deprecated, see https://tools.ietf.org/html/rfc8996

You should not use these protocols any more.

RutOS is forcing TLS1.0 on the client side. That means that TLS1 must be listed as a supported version on the server side. This is a security risk. Please give me a good reason to force the version on the client side as you do.

s_client man page, relevant section

       -ssl3, -tls1, -tls1_1, -tls1_2, -tls1_3, -no_ssl3, -no_tls1,
       -no_tls1_1, -no_tls1_2, -no_tls1_3
           These options require or disable the use of the specified SSL or
           TLS protocols.  By default s_client will negotiate the highest
           mutually supported protocol version.  When a specific TLS version
           is required, only that version will be offered to and accepted from
           the server.  Note that not all protocols and flags may be
           available, depending on how OpenSSL was built.
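
An added example (not part of the thread and not Teltonika's code): a POSIX shell check that reads a process listing or script text and reports, for each `openssl s_client` invocation, whether it pins a deprecated version, pins a current one, or leaves the version to negotiation as the man page excerpt above describes. The function names and the two `mail.example.net` lines are constructed for illustration.

```shell
#!/bin/sh
# Classify how each `openssl s_client` command line on stdin selects its TLS version:
#   PINNED-DEPRECATED  -ssl3, -tls1 or -tls1_1: only that version is offered
#   PINNED             -tls1_2 or -tls1_3: works, but nothing is negotiated
#   NEGOTIATED         no version flag: highest mutually supported version
classify_s_client() {
    # Prints "<class> <original line>" for every line that runs s_client.
    awk '
    /openssl[ \t]+s_client/ {
        cls = "NEGOTIATED"
        for (i = 1; i <= NF; i++) {
            # Exact token match, so -no_tls1 (a disable flag) is not taken for -tls1.
            if ($i == "-ssl3" || $i == "-tls1" || $i == "-tls1_1") {
                cls = "PINNED-DEPRECATED"
                break
            }
            if ($i == "-tls1_2" || $i == "-tls1_3") cls = "PINNED"
        }
        print cls, $0
    }'
}

count_class() {
    # $1 = class name; prints how many s_client lines on stdin fall in that class.
    classify_s_client | awk -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# Sample input: the two openssl lines from the ps output in the question,
# followed by two constructed lines (mail.example.net is a placeholder host).
sample_ps() {
    cat <<'EOF'
15575 root      1528 S    sendmail -H exec openssl s_client -quiet -connect fire.hudecof.net:465 -tls1 -starttls smtp -f sms@apps.hudecof
15576 root      3860 S    openssl s_client -quiet -connect fire.hudecof.net:465 -tls1 -starttls smtp
20001 root      3860 S    openssl s_client -quiet -connect mail.example.net:465 -tls1_2
20002 root      3860 S    openssl s_client -quiet -connect mail.example.net:465 -no_tls1 -no_tls1_1
EOF
}

sample_ps | classify_s_client
```

The same function can be fed the text of a shell script such as the eventslog_report.sh mentioned in the comments; it does not inspect compiled binaries.
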
by anonymous
Hello,

Consulting with R&D.

Thanks
by anonymous
Hello,

I have shared a link for test firmware in DM. Please test it and let me know the results.

Thanks.