Hi,
Try this:

modparam("tls", "renegotiation", 1)

Best regards,
Leonid Fainshtein



On Fri, Feb 24, 2023 at 12:47 PM <[email protected]> wrote:

> In Wireshark I see an Alert Handshake failure, coming from the Kamailio
> server.
>
> Transport Layer Security
>     TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
>         Content Type: Alert (21)
>         Version: TLS 1.2 (0x0303)
>         Length: 2
>         Alert Message
>             Level: Fatal (2)
>             Description: Handshake Failure (40)
>
> My first thought is that something is wrong with the SSL ciphers on the
> server where Kamailio is running. This is the list I'm getting from the MS
> in the Client Hello packet:
> Cipher Suites (8 suites)
>     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
>     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
>     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
>     Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
>     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
>     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
>     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
>     Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
>
> And I see some of them available on the server:
> [root@srv kamailio]# openssl ciphers -v | grep 'ECDHE-RSA-AES'
> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
> ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>
> TLS module configuration is very basic:
> # ----- tls settings -----
> modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
> modparam("tls", "tls_disable_compression", 1)
> modparam("tls", "connection_timeout", 300)
>
> Could it be that the openssl version is pretty old?
> [root@srv kamailio]# openssl version
> OpenSSL 1.0.2k-fips  26 Jan 2017
>
> Kamailio Version: version: kamailio 5.6.3 (x86_64/linux) ea782b
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to [email protected]
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>
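The cipher comparison done by eye in the quoted message can be made mechanical by matching on the two-byte suite codes instead of names. This is an added example, not part of the thread: both samples are constructed from the suite names shown above (the server sample uses the `openssl ciphers -V` form, which prefixes each line with its code), and the function names and the `cert_auth` filter are hypothetical.

```python
import re

# Constructed sample: suite lines as Wireshark prints them in a Client Hello.
CLIENT_HELLO = """\
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
"""
# Constructed sample of `openssl ciphers -V | grep 'ECDHE-RSA-AES'` output.
SERVER_CIPHERS = """\
          0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
          0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
          0xC0,0x14 - ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
          0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
          0xC0,0x27 - ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
          0xC0,0x13 - ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
"""

def parse_client_hello(text):
    """Return [(code, iana_name)] in the client's preference order."""
    pat = re.compile(r"Cipher Suite:\s+(\S+)\s+\(0x([0-9a-fA-F]{4})\)")
    return [(int(code, 16), name) for name, code in pat.findall(text)]

def parse_openssl_V(text):
    """Return {code: (openssl_name, auth)} from `openssl ciphers -V` output."""
    # Anchored at line start so three-byte SSLv2 codes (0x..,0x..,0x..) are skipped.
    pat = re.compile(r"^\s*0x([0-9A-Fa-f]{2}),0x([0-9A-Fa-f]{2})\s+-\s+(\S+)\s.*?Au=(\S+)", re.M)
    return {int(hi + lo, 16): (name, auth) for hi, lo, name, auth in pat.findall(text)}

def shared_suites(client_text, server_text, cert_auth=None):
    """Suites known to both sides, client order; cert_auth ('RSA'/'ECDSA') keeps only that key type."""
    server = parse_openssl_V(server_text)
    return [(hex(code), iana, server[code][0])
            for code, iana in parse_client_hello(client_text)
            if code in server and cert_auth in (None, server[code][1])]

if __name__ == "__main__":
    for row in shared_suites(CLIENT_HELLO, SERVER_CIPHERS, cert_auth="RSA"):
        print(*row)
```

A non-empty result only shows that the library knows a suite the client offers; it does not account for the cipher list configured in Kamailio's `tls.cfg`, the certificate's key type, or other handshake parameters.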