[kamailio/kamailio] WSS-connections show up as <null> in $tls_version and $tls_cypher_info (Issue #4167) - sr-dev

7 Mar 2025


      ChristianBergerSipgate created an issue (kamailio/kamailio#4167)
Hi,
we have found a potential bug. The pseudo variables return null for WSS connections.
Example config:
`xlog("L_INFO", "<mainLogic> REGISTER: TLS or WSS detected: fU=$fU tls_version=$tls_version tls_cipher_info=$tls_cipher_info ua=$ua\n");`
Log output:
`Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "ERROR", "module": "tls", "file": "tls_select.c", "line": 131, "function": "get_cur_connection", "message": "Transport protocol is not TLS (bug in config)\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "INFO", "module": "tls", "file": "tls_select.c", "line": 310, "function": "get_version", "message": "TLS connection not found in select_version\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "ERROR", "module": "tls", "file": "tls_select.c", "line": 131, "function": "get_cur_connection", "message": "Transport protocol is not TLS (bug in config)\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "INFO", "module": "tls", "file": "tls_select.c", "line": 201, "function": "get_cipher", "message": "TLS connection not found in select_cipher\n" }
Mar  7 08:37:28 sip-tcploadbalancer01 /usr/sbin/kamailio[1268940]: { "level": "INFO", "module": "xlog", "file": "xlog.c", "line": 278, "function": "", "message": "<mainLogic> REGISTER: TLS or WSS detected: fU=1125411e0 tls_version=<null> tls_cipher_info=<null> ua=webphone\n" }`
As you can see both tls_version and tls_cipher_info return <null> even though the underlying connection is via WSS.
We have looked into it, and it seems like `get_cur_connection` in `modules/tls/tls_select.c` only checks for TLS, but not WSS.
```
struct tcp_connection *get_cur_connection(struct sip_msg *msg)
{
        struct tcp_connection *c;
if(_tls_pv_con != 0)
                return _tls_pv_con;
if(msg->rcv.proto != PROTO_TLS) {
                ERR("Transport protocol is not TLS (bug in config)\n");
                return 0;
        }
c = tcpconn_get(msg->rcv.proto_reserved1, 0, 0, 0,
                        cfg_get(tls, tls_cfg, con_lifetime));
        if(c && c->type != PROTO_TLS) {
                ERR("Connection found but is not TLS\n");
                tcpconn_put(c);
                return 0;
        }
        return c;
}
```
We think that checking for `PROTO_WSS` might solve the issue.
-- 
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4167
You are receiving this because you are subscribed to this thread.

Message ID: kamailio/kamailio/issues/4167@github.com