Hello,
you trimmed the output, but I guess that the connection stayed open and no errors were printed in the Kamailio logs.
That means Kamailio is doing OK. If the web browser has issues connecting over TLS, then the problem is somewhere else. Check the logs/console of the browser to see if you get any hints there.
You can also list the TCP/TLS connections via RPC and see if the connection you expect is there.
Cheers,
Daniel
Hi Daniel,
This is the result:
openssl s_client -connect sip.mydomain.com:5061 -tlsextdebug
CONNECTED(00000005)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04                                             ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 3b 06 9a e5-21 16 73 b1 db 04 55 47   ... ;...!.s...UG
0010 - 33 5a e0 98 af bf ba 3e-e6 0d 69 40 38 f8 c8 0b   3Z.....>..i@8...
0020 - ed 79 f2 48                                       .y.H
TLS server extension "server name" (id=0), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = sip.mydomain.com
verify return:1
---
Certificate chain
 0 s:CN = sip.mydomain.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[REDACTED]
-----END CERTIFICATE-----
subject=CN = sip.mydomain.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3115 bytes and written 400 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0
-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Funding: https://www.paypal.me/dcmierla
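
The server-side facts read off the `openssl s_client` output in this thread (chain order, verification result, negotiated protocol) can be checked mechanically. The following is an added example, not part of the original messages or of Kamailio; the function names and the `sip.example.test` sample are constructed, and the `s:`/`i:` layout assumed is the one shown in the output above.

```python
import re

# Constructed sample in the layout `openssl s_client` prints (not the poster's output).
SAMPLE = """\
CONNECTED(00000005)
---
Certificate chain
 0 s:CN = sip.example.test
   i:C = US, O = Example CA, CN = Example Intermediate
 1 s:C = US, O = Example CA, CN = Example Intermediate
   i:O = Example Trust, CN = Example Root
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
No ALPN negotiated
Verify return code: 0 (ok)
---
"""

def parse_s_client(text):
    """Pull the certificate chain and handshake summary out of s_client output."""
    chain = [(m.group(1).strip(), m.group(2).strip())  # (subject, issuer) per cert
             for m in re.finditer(r"^ *\d+ s:(.+)\n *i:(.+)$", text, re.M)]
    new = re.search(r"^New, (\S+), Cipher is (\S+)$", text, re.M)
    ver = re.search(r"^ *Verify return code: (\d+) \((.*)\)$", text, re.M)
    return {
        "chain": chain,
        "protocol": new.group(1) if new else None,
        "cipher": new.group(2) if new else None,
        "verify": (int(ver.group(1)), ver.group(2)) if ver else None,
    }

def triage(text, expected_host):
    """Return server-side findings; an empty list means the handshake looks healthy."""
    info, findings = parse_s_client(text), []
    if info["protocol"] in (None, "(NONE)"):
        findings.append("handshake did not complete")
    elif info["protocol"] in ("SSLv3", "TLSv1", "TLSv1.1"):
        findings.append("legacy protocol negotiated: " + info["protocol"])
    if info["verify"] is None or info["verify"][0] != 0:
        findings.append("chain verification failed: %s" % (info["verify"],))
    if not info["chain"]:
        findings.append("no certificate chain presented")
        return findings
    # Quick CN check only; real clients match the subjectAltName, which this summary omits.
    cn = re.search(r"CN = ([^,]+)", info["chain"][0][0])
    if not cn or cn.group(1).strip().lower() != expected_host.lower():
        findings.append("leaf CN does not match " + expected_host)
    # Each certificate's issuer must be the subject of the next one sent.
    for (_, issuer), (next_subject, _) in zip(info["chain"], info["chain"][1:]):
        if issuer != next_subject:
            findings.append("chain order broken at issuer: " + issuer)
    return findings
```

An empty result from `triage()` only clears the server side of the handshake; a client that still fails has to be diagnosed from its own logs.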