<!-- Kamailio Project uses GitHub Issues only for bugs in the code or feature requests. Please use this template only for bug reports. If you have questions about using Kamailio or related to its configuration file, ask on sr-users mailing list: * https://lists.kamailio.org/mailman3/postorius/lists/sr-users.lists.kamailio… If you have questions about developing extensions to Kamailio or its existing C code, ask on sr-dev mailing list: * https://lists.kamailio.org/mailman3/postorius/lists/sr-dev.lists.kamailio.o… Please try to fill this template as much as possible for any issue. It helps the developers to troubleshoot the issue. Note that an issue report may be closed automatically after about 2 months if there is no interest from developers or community users on pursuing it, being considered expired. In such case, it can be reopened by writing a comment that includes the token `/notexpired`. About two weeks before considered expired, the issue is marked with the label `stale`, trying to notify the submitter and everyone else that might be interested in it. To remove the label `stale`, write a comment that includes the token `/notstale`. Also, any comment postpone the `expire` timeline, being considered that there is interest in pursuing the issue. If there is no content to be filled in a section, the entire section can be removed. You can delete the comments from the template sections when filling. You can delete next line and everything above before submitting (it is a comment). --> ### Description While trying latest kamailio 5.7 branch, when tls_threads_mode is set to 1, it fails to load self signed certificates. Setting tls_threads_mode to 0 works as expected. Certificates are self signed for a local test env, generated with openssl 3.x. ### Troubleshooting The issue is very similar to https://github.com/kamailio/kamailio/issues/3737 but in my case the openssl config seems correct, and happens only enabling the tls_threads_mode #### Reproduction Certs have been generated with `openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out server.pem -keyout server.key` [server.pem.txt](https://github.com/kamailio/kamailio/files/14384611/server.… [server.key.txt](https://github.com/kamailio/kamailio/files/14384612/server.… (these are self signed cert for testing, nothing that cannot be shared) My tls.cfg is very simple: ``` [server:default] method = TLSv1.2+ verify_certificate = no require_certificate = no private_key = /etc/kamailio/server.key certificate = /etc/kamailio/server.pem [client:default] method = TLSv1.2+ verify_certificate = no require_certificate = no ``` #### Log Messages <!-- Check the syslog file and if there are relevant log messages printed by Kamailio, add them next, or attach to issue, or provide a link to download them (e.g., to a pastebin site). --> ``` 1(35) NOTICE: tls [tls_domain.c:1168]: ksr_tls_fix_domain(): registered server_name callback handler for socket [:0], server_name='<default>' ... 1(35) ERROR: tls [tls_domain.c:590]: load_cert(): TLSs<default>: Unable to load certificate file '/etc/kamailio/server.pem' 1(35) ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:03000072:digital envelope routines::decode error (sni: unknown) 1(35) ERROR: tls [tls_util.h:49]: tls_err_ret(): load_cert:error:0A00018F:SSL routines::ee key too small (sni: unknown) 1(35) ERROR: <core> [core/sr_module.c:913]: init_mod_child(): error while initializing module tls (/usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so) ``` ### Possible Solutions Don't use tls_threads_mode for now. ### Additional Information * **Kamailio Version** - output of `kamailio -v` ``` version: kamailio 5.7.4 (x86_64/linux) a0dfb8 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select. id: a0dfb8 compiled with gcc 11.4.0 ``` Actually this is built from 5.7 branch, on commit a0dfb8cbdf4282040351e9dc014d9ef13e0e77fd * **Operating System**: <!-- Details about the operating system, the type: Linux (e.g.,: Debian 8.4, Ubuntu 16.04, CentOS 7.1, ...), MacOS, xBSD, Solaris, ...; Kernel details (output of `lsb_release -a` and `uname -a`) --> Containerized Ubunu jammy, updated as of today. -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3764 You are receiving this because you are subscribed to this thread. Message ID: &lt;kamailio/kamailio/issues/3764(a)github.com&gt;