[SR-Users] WSS connection is getting dropped after BYE is sent

Hi, I have successfully configured Kamailio for WSS support using the below instructions. Everything works perfectly except, when call is hanged up from the receiving end, Kamailio sends BYE and the browser disconnects websocket connection right after getting response from Kamailio with the following error message: Firefox: WebSocket connection to 'ws://localhost:3001/websocket' failed: Invalid frame headerChrome: The connection to ws://localhost:3001/websocket was interrupted while the page was loading. Everything works perfectly over plain websocket(WS). Kamailio is sending something with the websocket that the browsers do not like. But im not sure what it is. If somebody faced same issue before or can give any clue that would be really helpful. Thanks in advanced! Date: Fri, 17 Oct 2014 18:33:17 -0700 From: gascagonzalo(a)gmail.com To: sr-users(a)lists.sip-router.org CC: ben(a)langfeld.me Subject: Re: [SR-Users] Configuring TLS and WSS with Kamailio Hi Ben, In regards your certificates, please double check the following:a) CN field:In your webrtc client check the URL used for wss. and verify it matches the CN field of the certificate installed in kamailio:Example:In my sipml5 client I configured wss://ramenlabs.io:5063 and my certificate in fact contains in the cn field ramenlabs.io Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=ramenlabs.io openssl x509 -in /etc/certs/sip.192.168.146.133/cert.pem -noout -text b) I have successfully configured Kamailio 4.1 with TLS and WSS using TLS port 5063Topology:1) sipml5 --wss--> ngnix -wss-> kamailio (sip registrar)2) sipml5 --wss---> kamailio Relevant configurations:kamailio.cfgtls.cfgcertificates Kamailio: loading modules under /usr/lib/x86_64-linux-gnu/kamailio/modules/ Listening on udp: 172.31.27.85:5060 tcp: 172.31.27.85:5060 tcp: 172.31.27.85:5062 tls: 172.31.27.85:5061 tls: 172.31.27.85:5063 Aliases: tls: ip-172-31-27-85.us-west-2.compute.internal:5063 tls: ip-172-31-27-85.us-west-2.compute.internal:5061 tcp: ip-172-31-27-85.us-west-2.compute.internal:5062 tcp: ip-172-31-27-85.us-west-2.compute.internal:5060 udp: ip-172-31-27-85.us-west-2.compute.internal:5060 *: ramenlabs.io:* *: 172.31.27.85:* kamailio.cfgtls.cfg https://github.com/spicyramen/llamato/blob/LlamatoReg/kamailio.cfg https://github.com/spicyramen/llamato/blob/LlamatoReg/tls.cfg openssl s_client -connect 172.31.27.85:5063 where this i my internal IP address I get presented the certificates. HTH -G On Fri, Oct 17, 2014 at 5:10 PM, Kamrul Khan &lt;dodul(a)live.com&gt; wrote: ok. I have made some changes. rather than getting the TLS configaration from a file I added this lines: #!ifdef WITH_TLS# ----- tls params ----- modparam("tls", "private_key", "/etc/certs/sip.192.168.146.133/key.pem")modparam("tls", "certificate", "/etc/certs/sip.192.168.146.133/cert.pem")modparam("tls", "ca_list", "/etc/certs/demoCA/cert.pem") now, Im getting different logs which looks good. Getting positive results from openssl test, openssl s_client -connect 192.168.146.133:5061 -tls1CONNECTED(00000003)^C But when I try to connect using my webRTC client or even from web-browsers im getting timed out. I think im close .. please help me fixing this issue. Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSs<default>: tls_method=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSs<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSs<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSs<default>: crl='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSs<default>: require_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSs<default>: cipher_list='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSs<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSs<default>: verify_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSs<default>: verify_depth=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:670]: set_verification(): TLSs<default>: No client certificate required and no checks performedOct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:275]: fill_missing(): TLSc<default>: tls_method=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:287]: fill_missing(): TLSc<default>: certificate='/etc/certs/sip.192.168.146.133/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:294]: fill_missing(): TLSc<default>: ca_list='/etc/certs/demoCA/cert.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:301]: fill_missing(): TLSc<default>: crl='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:305]: fill_missing(): TLSc<default>: require_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:312]: fill_missing(): TLSc<default>: cipher_list='(null)'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:319]: fill_missing(): TLSc<default>: private_key='/etc/certs/sip.192.168.146.133/key.pem'Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:323]: fill_missing(): TLSc<default>: verify_certificate=0Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:326]: fill_missing(): TLSc<default>: verify_depth=9Oct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12123]: INFO: tls [tls_domain.c:673]: set_verification(): TLSc<default>: Server MAY present invalid certificateOct 17 16:35:38 ubuntu /usr/local/kamailio-devel//sbin/kamailio[12136]: INFO: ctl [io_listener.c:225]: io_listen_loop(): io_listen_loop: using epoll_lt io watch method (config)