Hi,
Have you tried using the tlsa module and linking it to a modern openssl 1 release, had
similar problems due to an old version of openssl lurking in the package repositories of
the distro I was using
Get Outlook for Android<https://aka.ms/AAb9ysg>
________________________________
From: Leonid Fainshtein <leonid.fainshtein(a)xorcom.com>
Sent: Sunday, February 26, 2023 6:51:19 AM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] Re: Kamailio MS Teams TLS Issue
Hi,
Try this:
modparam("tls", "renegotiation", 1)
Best regards,
Leonid Fainshtein
[
https://gmopn.com/api/v1/track/email/view/608535f77fc26b8402a04a3e/16773942…]
On Fri, Feb 24, 2023 at 12:47 PM
<iliusha.md@gmail.com<mailto:iliusha.md@gmail.com>> wrote:
In Wireshark I see an Alert Handshake failure, coming from the Kamailio server.
Transport Layer Security
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
Content Type: Alert (21)
Version: TLS 1.2 (0x0303)
Length: 2
Alert Message
Level: Fatal (2)
Description: Handshake Failure (40)
My first thought is that something is wrong with the SSL ciphers on the server where
Kamailio is running, this is the list I'm getting from the MS in the Client Hello
packet:
Cipher Suites (8 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
And I see some of them available on the server:
[root@srv kamailio]# openssl ciphers -v | grep 'ECDHE-RSA-AES'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
TLS module configuration is very basic:
# ----- tls settings -----
modparam("tls", "config",
"/usr/local/etc/kamailio/tls.cfg")
modparam("tls", "tls_disable_compression", 1)
modparam("tls", "connection_timeout", 300)
Can be that the openssl version is pretty old maybe?
[root@srv kamailio]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
Kamailio Version: version: kamailio 5.6.3 (x86_64/linux) ea782b
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to
sr-users-leave@lists.kamailio.org<mailto:sr-users-leave@lists.kamailio.org>
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe: