23 Apr
2022
23 Apr
'22
5:53 a.m.
Hi Henning,
How are you? Thanks for the fast reply.
I understand the report is vague (sorry), and that is the reason I'm
asking for help. I don't see any other errors in the logs except the
SSL errors, and as this happens sporadically (had happened two times
only) during high connection numbers (over 400), I could not get more
relevant information. The symptom is the browser not being able to
open new connections. Restarting kamailio solves the issue, but that
is a burden because it disrupts usage for a few minutes.
I'll take your advice and upgrade the version and keep a close eye on it.
Thanks,
Vinicius
On Fri, Apr 22, 2022 at 11:50 AM Henning Westerholt <hw(a)gilawa.com> wrote:
Hello,
as pointed out before, the SSLv3 error message is misleading.
You need to be a bit more precise regarding your issue, "having a hard time" is
a bit too vague. Did you already made some analysis if it happens only during a certain
time of the day, or only certain clients etc..?
A bit of general advice, you could also consider doing an Kamailio update, 5.3.9 is end
of life.
Cheers,
Henning
--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com
-----Original Message-----
From: sr-users <sr-users-bounces(a)lists.kamailio.org> On Behalf Of Vinicius Kwiecien
Ruoso
Sent: Friday, April 22, 2022 4:14 PM
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] SSL errors with websocket clients
Hi all!
How are you?
I have a kamailio instance and some users are having issues connecting via websocket
using TLS. The logs show SSLv3 errors. Cannot find why that error would show up if SSLv2/3
is not enabled. Double checked it via SSLLabs that only TLSv1.2 is allowed in the
service.
Error sample:
```
15(36) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate unknown
15(36) ERROR: <core> [core/tcp_read.c:1512]: tcp_read_req(): ERROR:
tcp_read_req: error reading - c: 0x7fafc8768190 r: 0x7fafc8768278 (-1) ```
This instance has close to 400 websocket connections opened during the day. I have a high
log level enabled. I was not able to identify any reason why this happens. The certificate
is a Letsencrypt certificate.
The issue is that sometimes clients have a hard time connecting to the websocket and that
maybe related. Below are a few more details about the config. Please let me know if you
have any pointers on how to debug those connection issues.
8<-----
TLS config:
modparam("tls", "tls_method", "TLSv1.2+")
modparam("tls", "verify_certificate", 0) modparam("tls",
"require_certificate", 0) modparam("tls",
"low_mem_threshold1", 0) modparam("tls",
"low_mem_threshold2", 0) modparam("tls", "private_key",
"/etc/certs/tls.key") modparam("tls", "certificate",
"/etc/certs/tls.crt")
version: kamailio 5.3.9 (x86_64/linux)
8<-----
This is related to the issue
https://github.com/kamailio/kamailio/issues/3085 (as pointed out it is not a problem in
Kamailio code).
Thanks,
Vinicius
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users