Hi,

Have you tried using the tlsa module and linking it to a modern openssl 1 
release? I had similar problems due to an old version of openssl lurking in the 
package repositories of the distro I was using.


________________________________
From: Leonid Fainshtein <[email protected]>
Sent: Sunday, February 26, 2023 6:51:19 AM
To: Kamailio (SER) - Users Mailing List <[email protected]>
Subject: [SR-Users] Re: Kamailio MS Teams TLS Issue

Hi,
Try this:

modparam("tls", "renegotiation", 1)

Best regards,
Leonid Fainshtein



On Fri, Feb 24, 2023 at 12:47 PM <[email protected]> wrote:
In Wireshark I see an Alert Handshake failure, coming from the Kamailio server.

Transport Layer Security
    TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.2 (0x0303)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

My first thought is that something is wrong with the SSL ciphers on the server 
where Kamailio is running. This is the list I'm getting from MS in the 
Client Hello packet:
Cipher Suites (8 suites)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)

And I see some of them available on the server:
[root@srv kamailio]# openssl ciphers -v | grep 'ECDHE-RSA-AES'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1

TLS module configuration is very basic:
# ----- tls settings -----
modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")
modparam("tls", "tls_disable_compression", 1)
modparam("tls", "connection_timeout", 300)

Could it be that the openssl version is pretty old, maybe?
[root@srv kamailio]# openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

Kamailio Version: version: kamailio 5.6.3 (x86_64/linux) ea782b
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to 
[email protected]<mailto:[email protected]>
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:
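
Added example (not from any poster in this thread, and not Kamailio code): the cipher comparison done above by grepping names, redone by matching the wire IDs from the quoted Client Hello against the suites the local OpenSSL can negotiate. It inspects the OpenSSL that the Python interpreter is linked against, which is an assumption and may differ from the library Kamailio's tls module loads; the function names are illustrative.

```python
import ssl

# Cipher suite IDs copied from the Client Hello quoted in the thread.
OFFERED = [0xC030, 0xC02F, 0xC028, 0xC027, 0xC02C, 0xC02B, 0xC024, 0xC023]


def local_ciphers(cipher_string="ALL"):
    """Return {16-bit wire ID: OpenSSL name} for the OpenSSL Python links to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # get_ciphers() reports ids as 0x0300XXXX; the low 16 bits are the
    # value that appears in the Client Hello.
    return {c["id"] & 0xFFFF: c["name"] for c in ctx.get_ciphers()}


def match_offered(offered, local):
    """Split the client's offer into suites the local library has and lacks."""
    usable = [(sid, local[sid]) for sid in offered if sid in local]
    missing = [sid for sid in offered if sid not in local]
    return usable, missing


def cert_compatible(usable, key_type):
    """Keep suites whose authentication matches the server key type.

    key_type is "RSA" or "ECDSA"; an ECDHE-ECDSA suite cannot be selected
    when the server certificate carries an RSA key, and vice versa.
    """
    return [(sid, name) for sid, name in usable if f"-{key_type}-" in name]


if __name__ == "__main__":
    print("Linked library:", ssl.OPENSSL_VERSION)
    usable, missing = match_offered(OFFERED, local_ciphers())
    for sid, name in usable:
        print(f"  0x{sid:04x}  {name}")
    print("Not available locally:", [f"0x{s:04x}" for s in missing])
    print("Usable with an RSA certificate:",
          [name for _, name in cert_compatible(usable, "RSA")])
```

If every offered suite shows up as usable for the certificate's key type, as the ECDHE-RSA entries in the `openssl ciphers -v` output above suggest, a cipher mismatch alone does not explain the fatal alert.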