In Wireshark I see an Alert Handshake failure, coming from the Kamailio
server.
[image: image.png]
The same in ssldump:
[image: image.png]
My first thought is that something is wrong with the SSL ciphers on the
server where Kamailio is running, this is the list I'm getting from the MS
in the Client Hello packet:
[image: image.png]
Maybe the openssl version is too old on the server running kamailio?
OpenSSL 1.0.2k-fips 26 Jan 2017
On Fri, 24 Feb 2023 at 08:31, Sergey Safarov <s.safarov(a)gmail.com> wrote:
You can capture pcap via TLS port and check using Wireshark.
It may provided some info.
On Thu, Feb 23, 2023, 8:33 PM <iliusha.md(a)gmail.com> wrote:
>
> Hello,
>
> We have one Kamailio Instance connected with MS Teams (based on this
instruction:
https://skalatan.de/en/blog/kamailio-sbc-teams), which worked
fine for a while until recently we noticed that calls from teams are not
working anymore. When I looked through the logs I found that Microsoft
cannot establish a TLS connection to our server because of the cipher:
> TLS accept:error:1408A0C1:SSL
routines:ssl3_get_client_hello:no shared
cipher (sni:
sbc.example.com - domain is
obfuscated).
> Certificate is valid, the configuration is below:
>
> [server:default]
> method = TLSv1.2+
> verify_certificate = no
> require_certificate = no
> private_key = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.key
> certificate = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.crt
> server_name =
sbc1-teams.example.net
> ca_list = /usr/local/etc/kamailio/certs/sectigo_ca.pem
> #ca_list=/etc/ssl/certs/ca-bundle.crt
>
> [client:default]
> method = TLSv1.2+
> verify_certificate = no
> require_certificate = no
> private_key = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.key
> certificate = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.crt
> ca_list =
/usr/local/etc/kamailio/certs/sectigo_ca.pem
> #ca_list=/etc/ssl/certs/ca-bundle.crt
>
> We use a certificate from Sectigo, but I've tried with Let's Encrypt -
and it's the same. Any idea what could be the reason?
>
__________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
the
sender!
Edit mailing
list options or unsubscribe:
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the
sender!
Edit mailing list options or unsubscribe: