System and Network Management

Hello,

I work for the State of MA VoIP team and we are required to use TLS 1.3 for most of our agencies the one issue that it causes is the added complexity of troubleshooting calls. So I'm looking to see if it's possible to get the private key from a vendor's cloud SBC R10.1.x environment so I can decrypt the calls so we can see all of the packets and hear the calls we are testing.

I'm mainly looking for traffic between our SBC's and Avaya Workplace 3.35.x Softphones, but it would be helpful to be able to do the same between our session managers and our headphones as well.

I already set the environment variable and have the session keys logging to a file that I added to the TLS(SSL) protocol properties dialog, I'm just not sure how to get the private keys and if they just go in the same properties or if there are other settings I need to change as well.

It would be very unusual for a company to give you the private keys of a device you don't own.  Heck, even extracting the private keys from devices you do own is not often trivial.

If it's hosted, an Avaya SBCE, and they give you login access to it, use the "traceSBC" tool so you can see the decrypted SIP traffic in transit.  If they are using another branded SBC they may have a similar tool or may just not allow you to get access to that encrypted traffic.

Hello,

I work for the State of MA VoIP team and we are required to use TLS 1.3 for most of our agencies the one issue that it causes is the added complexity of troubleshooting calls. So I'm looking to see if it's possible to get the private key from a vendor's cloud SBC R10.1.x environment so I can decrypt the calls so we can see all of the packets and hear the calls we are testing.

I'm mainly looking for traffic between our SBC's and Avaya Workplace 3.35.x Softphones, but it would be helpful to be able to do the same between our session managers and our headphones as well.

I already set the environment variable and have the session keys logging to a file that I added to the TLS(SSL) protocol properties dialog, I'm just not sure how to get the private keys and if they just go in the same properties or if there are other settings I need to change as well.

Thank you, Nick,

Part of the contract was to allow us access to the system as needed.

I haven't been in a situation where I've needed to use "traceSBC" in a long time (R5), just normally use wireshark from from the desktop end of the call and our vendor would get it from the SBC, but will ask about getting access to it and relearn how to use it.

Would it only give me the point of view from the SBC or would I also be able to pull up and see the packets from the end point's point of view?

Thanks,

Ray

It would be very unusual for a company to give you the private keys of a device you don't own.  Heck, even extracting the private keys from devices you do own is not often trivial.

If it's hosted, an Avaya SBCE, and they give you login access to it, use the "traceSBC" tool so you can see the decrypted SIP traffic in transit.  If they are using another branded SBC they may have a similar tool or may just not allow you to get access to that encrypted traffic.

Hello,

I work for the State of MA VoIP team and we are required to use TLS 1.3 for most of our agencies the one issue that it causes is the added complexity of troubleshooting calls. So I'm looking to see if it's possible to get the private key from a vendor's cloud SBC R10.1.x environment so I can decrypt the calls so we can see all of the packets and hear the calls we are testing.

I'm mainly looking for traffic between our SBC's and Avaya Workplace 3.35.x Softphones, but it would be helpful to be able to do the same between our session managers and our headphones as well.

I already set the environment variable and have the session keys logging to a file that I added to the TLS(SSL) protocol properties dialog, I'm just not sure how to get the private keys and if they just go in the same properties or if there are other settings I need to change as well.