Hi Henning,
How are you?

Thanks for the fast reply. I understand the report is vague (sorry), and that is the reason I'm asking for help. I don't see any other errors in the logs except the SSL errors, and as this happens sporadically (it has happened only two times) during high connection numbers (over 400), I could not get more relevant information. The symptom is the browser not being able to open new connections. Restarting Kamailio solves the issue, but that is a burden because it disrupts usage for a few minutes.

I'll take your advice and upgrade the version and keep a close eye on it.

Thanks,
Vinicius

On Fri, Apr 22, 2022 at 11:50 AM Henning Westerholt <[email protected]> wrote:
>
> Hello,
>
> as pointed out before, the SSLv3 error message is misleading.
>
> You need to be a bit more precise regarding your issue, "having a hard time"
> is a bit too vague. Did you already make some analysis if it happens only
> during a certain time of the day, or only certain clients etc.?
>
> A bit of general advice, you could also consider doing a Kamailio update,
> 5.3.9 is end of life.
>
> Cheers,
>
> Henning
>
> --
> Henning Westerholt - https://skalatan.de/blog/
> Kamailio services - https://gilawa.com
>
> -----Original Message-----
> From: sr-users <[email protected]> On Behalf Of Vinicius Kwiecien Ruoso
> Sent: Friday, April 22, 2022 4:14 PM
> To: Kamailio (SER) - Users Mailing List <[email protected]>
> Subject: [SR-Users] SSL errors with websocket clients
>
> Hi all!
> How are you?
>
> I have a kamailio instance and some users are having issues connecting via
> websocket using TLS. The logs show SSLv3 errors. Cannot find why that error
> would show up if SSLv2/3 is not enabled. Double checked it via SSLLabs that
> only TLSv1.2 is allowed in the service.
>
> Error sample:
> ```
> 15(36) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown
> 15(36) ERROR: <core> [core/tcp_read.c:1512]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7fafc8768190 r: 0x7fafc8768278 (-1)
> ```
>
> This instance has close to 400 websocket connections opened during the day. I
> have a high log level enabled. I was not able to identify any reason why this
> happens. The certificate is a Letsencrypt certificate.
>
> The issue is that sometimes clients have a hard time connecting to the
> websocket and that may be related. Below are a few more details about the
> config.
> Please let me know if you have any pointers on how to debug those
> connection issues.
>
> 8<-----
> TLS config:
>
> modparam("tls", "tls_method", "TLSv1.2+")
> modparam("tls", "verify_certificate", 0)
> modparam("tls", "require_certificate", 0)
> modparam("tls", "low_mem_threshold1", 0)
> modparam("tls", "low_mem_threshold2", 0)
> modparam("tls", "private_key", "/etc/certs/tls.key")
> modparam("tls", "certificate", "/etc/certs/tls.crt")
>
> version: kamailio 5.3.9 (x86_64/linux)
> 8<-----
>
> This is related to the issue
> https://github.com/kamailio/kamailio/issues/3085 (as pointed out it is not a
> problem in Kamailio code).
>
> Thanks,
> Vinicius
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * [email protected]
> Important: keep the mailing list in the recipients, do not reply only to the
> sender!
> Edit mailing list options or unsubscribe:
> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
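
As an added example (not code from this thread or from the Kamailio project), the Python below decodes the packed OpenSSL error code in the quoted log line to show why the "sslv3" wording is misleading: the number identifies a TLS alert, independent of the protocol version in use. It assumes the OpenSSL 1.x error layout (8-bit library, 12-bit function, 12-bit reason); the function names and the embedded sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the error sample quoted in the thread.
SAMPLE_LOG = (
    "15(36) ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094416:"
    "SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown\n"
    "15(36) ERROR: <core> [core/tcp_read.c:1512]: tcp_read_req(): ERROR: "
    "tcp_read_req: error reading - c: 0x7fafc8768190 r: 0x7fafc8768278 (-1)\n"
)

ERR_LIB_SSL = 20            # OpenSSL library number for libssl
ALERT_REASON_OFFSET = 1000  # OpenSSL's SSL_AD_REASON_OFFSET

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 70: "protocol_version",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:")


def decode_openssl_error(code_hex):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason, alert)."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    # libssl reason codes at or above the offset encode a TLS alert number.
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        alert = reason - ALERT_REASON_OFFSET
    return lib, func, reason, alert


def summarize_alerts(log_text):
    """Count the TLS alerts named by OpenSSL error codes in the log text."""
    counts = Counter()
    for match in ERR_RE.finditer(log_text):
        alert = decode_openssl_error(match.group(1))[3]
        if alert is not None:
            counts[TLS_ALERTS.get(alert, f"alert_{alert}")] += 1
    return counts


if __name__ == "__main__":
    for name, n in summarize_alerts(SAMPLE_LOG).items():
        print(f"{n} x TLS alert {name}")
```

Error `14094416` decodes to reason 1046, which is alert 46 (`certificate_unknown`). The alert surfaces in `ssl3_read_bytes`, where OpenSSL reports alerts read from the peer, and RFC 5246 describes it as an unspecified problem processing the certificate that made it unacceptable.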
