Hi,
First I didn't run the 5.7 right now.
AFAIK 1.0.2k is an additional openssl lib in Centos 7.9. Default is 1.0.1*
and the RPMS (I use also Centos 7.9) from kamailio.org are build agains the
1.0.1* (5.5.x are).
Did you test your certs for example in a httpd or so that they created
right?
Did you try it with an tls.cfg?
Then all other modparms are obsolete except the config param.
loadmodule "tls.so"
# ----- tls params -----
modparam("tls", "config", "/etc/kamailio/tls.cfg")
tls.cfg example:
[server:default]
method = TLSv1.2+
verify_certificate = no
require_certificate = no
private_key = /etc/pki/tls/private/YOURDOMAIN.pem certificate =
/etc/pki/tls/private/YOURDOMAIN.pem
server_name = yourdomain.example
cipher_list =
HIGH:!3DES:!DES:!aDH:!AECDH:!CAMELLIA128:!CAMELLIA256:!CAMELLIA:!ADH:!SHA1
Kind Regards
Karsten Horsmann
nutxase <[email protected]> schrieb am Do., 15. Juni 2023, 15:48:
> i have definately confirmed the certs are valid and that i am using latest
> openssl for centos 7
>
> perhaps im missing something else?
> i did take the example from
>
> https://github.com/kamailio/kamailio/blob/master/misc/examples/webrtc/websocket.cfg
>
> Sent with Proton Mail <https://proton.me/> secure email.
>
> ------- Original Message -------
> On Thursday, June 15th, 2023 at 9:36 AM, nutxase <[email protected]>
> wrote:
>
> Hi Karsten and list
>
> I am running
> Centos 7.9
> openssl v1.0.2k
> kamailio 5.7.0
>
>
>
>
> Sent with Proton Mail <https://proton.me/> secure email.
>
> ------- Original Message -------
> On Wednesday, June 14th, 2023 at 8:55 PM, nutxase <[email protected]>
> wrote:
>
> Hey All
>
> I have been setting up TLS and websocket for kamailio but i keep getting
> these errors in the log please can someone help me
>
> Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls
> [tls_util.h:51]: tls_err_ret(): TLS accept:error:1408A0C1:SSL
> routines:ssl3_get_client_hello:no shared cipher (sni: sip.domain.com
> <http://sip.sipalto.com>)
> Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls
> [tls_server.c:1333]: tls_h_read_f(): src addr: 1.2.3.4.5:57265
> Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls
> [tls_server.c:1336]: tls_h_read_f(): dst addr: 5.4.3.2.1:8089
> Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: <core>
> [core/tcp_read.c:1478]: tcp_read_req(): ERROR: tcp_read_req: error reading
> - c: 0x7f3c8fc16720 r: 0x7f3c8fc16848 (-1)
>
>
> my config is pretty standard so i am not sure what i am missing
> using letsencrypt certs
>
> #!ifdef WITH_TLS
> # ----- tls params -----
> modparam("tls", "tls_method", "TLSv1.2+")
> modparam("tls", "certificate", "/etc/kamailio/tls/cert.pem")
> modparam("tls", "private_key", "/etc/kamailio/tls/ckey.pem")
> modparam("tls", "ca_list", "/etc/kamailio/tls/fullchain.pem")
> #!endif
> Sent with Proton Mail <https://proton.me/> secure email.
>
>
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to [email protected]
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
>
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
Edit mailing list options or unsubscribe:
