Hello Kamailio!
I'm etting up a kamailio server where it will receive STIP TLS connections from Zoom.
kamailio is closing TLS connections with error stating "SSL routines::no shared cipher (sni: unknown)" as below
Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) DEBUG: tls [tls_server.c:270]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fbcd1e9dac8 ctx 0x7fbcd2229258 sn []) Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) DEBUG: tls [tls_domain.c:1018]: tls_server_name_cb(): SSL_get_servername returned NULL: return SSL_TLSEXT_ERR_NOACK Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) DEBUG: <core> [core/tcp_main.c:2845]: tcpconn_do_send(): sending... Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) DEBUG: <core> [core/tcp_main.c:2881]: tcpconn_do_send(): after real write: c= 0x7fbcd3cb85d0 n=7 fd=8 Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) DEBUG: <core> [core/tcp_main.c:2882]: tcpconn_do_send(): buf= Sep 18 13:28:02 dalia kamailio[18529]: [3B blob data] Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol level error Sep 18 13:28:02 dalia kamailio[18529]: 9(18529) ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS accept:error:0A0000C1:SSL routines::no shared cipher (sni: unknown)
did a tcpdump trace to check the ciphers Zoom are using in the TLS client hello, and there are 4 and are supported by openssl on TLSv1.2, BUT the reis no server_name extension in the client hello. is this related to kamailio refusing the connection because there is no server_name in the client hello or something else?, if yes can it be forced to accept TLS connection without server_name specified ?
my tls.cfg file is below
[server:default] method = TLSv1.2 verify_certificate = no require_certificate = no private_key = /etc/kamailio/key.pem certificate = /etc/kamailio/certificate.pem ca_list = /etc/ssl/certs/ca-certificates.crt ca_path = /etc/ssl/certs
[client:default] method = TLSv1.2+ verify_certificate = no require_certificate = no