Hey All
I have been setting up TLS and websocket for kamailio but I keep getting these errors in the log. Please can someone help me?
```
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_util.h:51]: tls_err_ret(): TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher (sni: [sip.domain.com](http://sip.sipalto.com))
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 1.2.3.4.5:57265
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 5.4.3.2.1:8089
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: <core> [core/tcp_read.c:1478]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f3c8fc16720 r: 0x7f3c8fc16848 (-1)
```
My config is pretty standard so I am not sure what I am missing. I am using letsencrypt certs.
```
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "tls_method", "TLSv1.2+")
modparam("tls", "certificate", "/etc/kamailio/tls/cert.pem")
modparam("tls", "private_key", "/etc/kamailio/tls/ckey.pem")
modparam("tls", "ca_list", "/etc/kamailio/tls/fullchain.pem")
#!endif
```
Sent with [Proton Mail](https://proton.me/) secure email.
Hi,
Can you please explain your system a bit more?
Kamailio Version, openssl Version and your Linux Distribution would be a good starting point.
Kind regards
Karsten Horsmann
nutxase nutxase@proton.me wrote on Wed, 14 June 2023, 22:26:
Hey All
I have been setting up TLS and websocket for kamailio but I keep getting these errors in the log. Please can someone help me?
```
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_util.h:51]: tls_err_ret(): TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher (sni: sip.domain.com http://sip.sipalto.com)
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 1.2.3.4.5:57265
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 5.4.3.2.1:8089
Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: <core> [core/tcp_read.c:1478]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f3c8fc16720 r: 0x7f3c8fc16848 (-1)
```
My config is pretty standard so I am not sure what I am missing. I am using letsencrypt certs.
```
#!ifdef WITH_TLS
# ----- tls params -----
modparam("tls", "tls_method", "TLSv1.2+")
modparam("tls", "certificate", "/etc/kamailio/tls/cert.pem")
modparam("tls", "private_key", "/etc/kamailio/tls/ckey.pem")
modparam("tls", "ca_list", "/etc/kamailio/tls/fullchain.pem")
#!endif
```
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
Hi Karsten and list
I am running Centos 7.9 openssl v1.0.2k kamailio 5.7.0
Sent with [Proton Mail](https://proton.me/) secure email.
I have definitely confirmed the certs are valid and that I am using latest openssl for centos 7
Perhaps I'm missing something else? I did take the example from https://github.com/kamailio/kamailio/blob/master/misc/examples/webrtc/websoc...
Sent with [Proton Mail](https://proton.me/) secure email.
------- Original Message ------- On Thursday, June 15th, 2023 at 9:36 AM, nutxase nutxase@proton.me wrote:
Hi Karsten and list
I am running Centos 7.9 openssl v1.0.2k kamailio 5.7.0
Hi,
First I didn't run the 5.7 right now.
AFAIK 1.0.2k is an additional openssl lib in Centos 7.9. Default is 1.0.1* and the RPMS (I also use Centos 7.9) from kamailio.org are built against the 1.0.1* (5.5.x are).
Did you test your certs for example in a httpd or so that they created right?
Did you try it with a tls.cfg?
Then all other modparams are obsolete except the config param.
```
loadmodule "tls.so"
# ----- tls params -----
modparam("tls", "config", "/etc/kamailio/tls.cfg")
```
tls.cfg example:
```
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/YOURDOMAIN.pem
certificate = /etc/pki/tls/private/YOURDOMAIN.pem
server_name = yourdomain.example
cipher_list = HIGH:!3DES:!DES:!aDH:!AECDH:!CAMELLIA128:!CAMELLIA256:!CAMELLIA:!ADH:!SHA1
```
Kind Regards
Karsten Horsmann
nutxase nutxase@proton.me wrote on Thu, 15 June 2023, 15:48:
I have definitely confirmed the certs are valid and that I am using latest openssl for centos 7
Perhaps I'm missing something else? I did take the example from https://github.com/kamailio/kamailio/blob/master/misc/examples/webrtc/websoc...
Hello,
I would also recommend using the approach with a dedicated tls module configuration file. The other way with the configuration in the kamailio.cfg is still supported I think, but doesn’t support configuration reload during run time.
Cheers,
Henning
--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com/
From: Karsten Horsmann khorsmann@gmail.com
Sent: Thursday, 15 June 2023 21:18
To: Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org
Subject: [SR-Users] Re: TLS errors
Hi,
First I didn't run the 5.7 right now.
AFAIK 1.0.2k is an additional openssl lib in Centos 7.9. Default is 1.0.1* and the RPMS (I also use Centos 7.9) from kamailio.org are built against the 1.0.1* (5.5.x are).
Did you test your certs for example in a httpd or so that they created right?
Did you try it with a tls.cfg?
Then all other modparams are obsolete except the config param.
```
loadmodule "tls.so"
# ----- tls params -----
modparam("tls", "config", "/etc/kamailio/tls.cfg")
```
tls.cfg example:
```
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/YOURDOMAIN.pem
certificate = /etc/pki/tls/private/YOURDOMAIN.pem
server_name = yourdomain.example
cipher_list = HIGH:!3DES:!DES:!aDH:!AECDH:!CAMELLIA128:!CAMELLIA256:!CAMELLIA:!ADH:!SHA1
```
Kind Regards
Karsten Horsmann
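An added example, not part of the thread and not Kamailio code: a check of which cipher suites the `cipher_list` from the tls.cfg example above leaves available for a given certificate key type, and whether a client's offer overlaps with them. The client offers and the key types are constructed assumptions (the thread states neither), and the expansion uses the OpenSSL linked into the local Python, which can differ from the 1.0.2k build mentioned in the thread.

```python
import ssl

# cipher_list value copied from the tls.cfg example in the thread.
PAGE_CIPHER_LIST = ("HIGH:!3DES:!DES:!aDH:!AECDH:!CAMELLIA128:!CAMELLIA256:"
                    "!CAMELLIA:!ADH:!SHA1")


def server_suites(cipher_list, cert_key_type):
    """Expand an OpenSSL cipher string with the local library and keep the
    TLS 1.2-and-older suites that a certificate with the given key type
    ("rsa" or "ecdsa") can authenticate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_list)  # raises ssl.SSLError if nothing is selected
    wanted_auth = "auth-" + cert_key_type
    return [c["name"] for c in ctx.get_ciphers()
            # TLS 1.3 suites are configured separately and do not exist in
            # OpenSSL 1.0.2, so they are left out of this comparison.
            if c["protocol"] != "TLSv1.3" and c.get("auth") == wanted_auth]


def shared_suites(cipher_list, cert_key_type, client_offer):
    """Suites from the client's offer (OpenSSL names, in client order) that
    the server could select. An empty result is the condition the server
    reports as "no shared cipher"."""
    usable = set(server_suites(cipher_list, cert_key_type))
    return [name for name in client_offer if name in usable]


if __name__ == "__main__":
    # Constructed client offers, not taken from the thread.
    offers = {
        "GCM client": ["ECDHE-ECDSA-AES128-GCM-SHA256",
                       "ECDHE-RSA-AES128-GCM-SHA256"],
        "SHA1-MAC-only client": ["ECDHE-RSA-AES128-SHA", "AES256-SHA"],
    }
    for key_type in ("rsa", "ecdsa"):
        for label, offer in offers.items():
            common = shared_suites(PAGE_CIPHER_LIST, key_type, offer)
            print(f"{key_type:5} cert, {label}: {common or 'no shared cipher'}")
```

Running it on the Kamailio host itself gives the expansion for that host's OpenSSL; the real key type can be read from the certificate with `openssl x509 -noout -text`.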