Looks like the domain name you are using is not matching with the certificate name. I have also noticed you are using tlsv1, better to generate the certificate with tlsv1.2 or tlsv1.3
Regards, Jehanzaib On Tue, Nov 23, 2021 at 1:58 AM Devang Dhandhalya < [email protected]> wrote: > Hello vlad > > Thanks for your response ,I used this command to check connection :openssl > s_client -showcerts -debug -connect 192.168.0.105:5071 -bugs . > Please let me know if there are any other commands to check . > > CONNECTED(00000005) > write to 0x561a52aa46b0 [0x561a52ab4eb0] (517 bytes => 517 (0x205)) > 140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1 > unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112 > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 517 bytes > Verification: OK > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 0 (ok) > --- > > In this TLS connection i am getting one error : > 140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1 > unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112 > > Can you please give some suggestions on this . > > OpenSIPS starts successfully without errors and the following command > shows listening on the correct port: > netstat -tapen | grep 5071 > tcp 0 0 192.168.0.105:5071 0.0.0.0:* > LISTEN 0 87130 9179/opensips > > I made some changes in the tls configuration . other than this same as > before . > > socket=udp:192.168.0.105:5060 as devang.com:5060 > socket=tcp:192.168.0.105:5060 as devang.com:5060 > socket=tls:192.168.0.105:5071 as devang.com:5071 > > modparam("tls_mgm", "match_ip_address", "[dom1]1.2.3.4:5071") > > > At the time of calling, I get this error . > > ERROR:tls_openssl:openssl_tls_async_connect: New TLS connection to > 192.168.0.105:44853 failed > ERROR:tls_openssl:openssl_tls_async_connect: TLS error: 1 (ret=-1) > err=Success(0) > ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:14094410:SSL > routines:ssl3_read_bytes:sslv3 alert handshake failure > ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake! > > I tried setting all the tls version methods as 'tls_method' in opensips > config but the same error occurred. Please advise how to resolve this > SSL23 handshake failure. > > Regards > Devang Dhandhalya > > *Disclaimer* > In addition to generic Disclaimer which you have agreed on our website, > any views or opinions presented in this email are solely those of the > originator and do not necessarily represent those of the Company or its > sister concerns. Any liability (in negligence, contract or otherwise) > arising from any third party taking any action, or refraining from taking > any action on the basis of any of the information contained in this email > is hereby excluded. > > *Confidentiality* > This communication (including any attachment/s) is intended only for the > use of the addressee(s) and contains information that is PRIVILEGED AND > CONFIDENTIAL. Unauthorized reading, dissemination, distribution, or copying > of this communication is prohibited. Please inform originator if you have > received it in error. > > *Caution for viruses, malware etc.* > This communication, including any attachments, may not be free of viruses, > trojans, similar or new contaminants/malware, interceptions or > interference, and may not be compatible with your systems. You shall carry > out virus/malware scanning on your own before opening any attachment to > this e-mail. The sender of this e-mail and Company including its sister > concerns shall not be liable for any damage that may incur to you as a > result of viruses, incompleteness of this message, a delay in receipt of > this message or any other computer problems. > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
