Hello, I would also recommend using the approach with a dedicated tls module configuration file. The other way with the configuration in the kamailio.cfg is still supported I think, but don’t support configuration reload during run time.
Cheers, Henning -- Henning Westerholt – https://skalatan.de/blog/ Kamailio services – https://gilawa.com<https://gilawa.com/> From: Karsten Horsmann <[email protected]> Sent: Donnerstag, 15. Juni 2023 21:18 To: Kamailio (SER) - Users Mailing List <[email protected]> Subject: [SR-Users] Re: TLS errors Hi, First I didn't run the 5.7 right now. AFAIK 1.0.2k is an additional openssl lib in Centos 7.9. Default is 1.0.1* and the RPMS (I use also Centos 7.9) from kamailio.org<http://kamailio.org> are build agains the 1.0.1* (5.5.x are). Did you test your certs for example in a httpd or so that they created right? Did you try it with an tls.cfg? Then all other modparms are obsolete except the config param. loadmodule "tls.so" # ----- tls params ----- modparam("tls", "config", "/etc/kamailio/tls.cfg") tls.cfg example: [server:default] method = TLSv1.2+ verify_certificate = no require_certificate = no private_key = /etc/pki/tls/private/YOURDOMAIN.pem certificate = /etc/pki/tls/private/YOURDOMAIN.pem server_name = yourdomain.example cipher_list = HIGH:!3DES:!DES:!aDH:!AECDH:!CAMELLIA128:!CAMELLIA256:!CAMELLIA:!ADH:!SHA1 Kind Regards Karsten Horsmann nutxase <[email protected]<mailto:[email protected]>> schrieb am Do., 15. Juni 2023, 15:48: i have definately confirmed the certs are valid and that i am using latest openssl for centos 7 perhaps im missing something else? i did take the example from https://github.com/kamailio/kamailio/blob/master/misc/examples/webrtc/websocket.cfg Sent with Proton Mail<https://proton.me/> secure email. ------- Original Message ------- On Thursday, June 15th, 2023 at 9:36 AM, nutxase <[email protected]<mailto:[email protected]>> wrote: Hi Karsten and list I am running Centos 7.9 openssl v1.0.2k kamailio 5.7.0 Sent with Proton Mail<https://proton.me/> secure email. ------- Original Message ------- On Wednesday, June 14th, 2023 at 8:55 PM, nutxase <[email protected]<mailto:[email protected]>> wrote: Hey All I have been setting up TLS and websocket for kamailio but i keep getting these errors in the log please can someone help me Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_util.h:51]: tls_err_ret(): TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher (sni: sip.domain.com<http://sip.sipalto.com>) Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_server.c:1333]: tls_h_read_f(): src addr: 1.2.3.4.5:57265 Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: tls [tls_server.c:1336]: tls_h_read_f(): dst addr: 5.4.3.2.1:8089 Jun 14 20:51:57 so-sbc-02 /usr/sbin/kamailio[25490]: ERROR: <core> [core/tcp_read.c:1478]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f3c8fc16720 r: 0x7f3c8fc16848 (-1) my config is pretty standard so i am not sure what i am missing using letsencrypt certs #!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "tls_method", "TLSv1.2+") modparam("tls", "certificate", "/etc/kamailio/tls/cert.pem") modparam("tls", "private_key", "/etc/kamailio/tls/ckey.pem") modparam("tls", "ca_list", "/etc/kamailio/tls/fullchain.pem") #!endif Sent with Proton Mail<https://proton.me/> secure email. __________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected]<mailto:[email protected]> Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
