[OpenSIPS-Users] TLS Handshake fail issue

Devang Dhandhalya devang.dhandhalya at ecosmob.com
Mon Nov 22 12:57:39 EST 2021 

Hello vlad

Thanks for your response ,I used this command to check connection :openssl
s_client -showcerts -debug -connect 192.168.0.105:5071 -bugs .
Please let me know if there are any other commands to  check .

CONNECTED(00000005)
write to 0x561a52aa46b0 [0x561a52ab4eb0] (517 bytes => 517 (0x205))
140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1
unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 517 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

In this TLS  connection i am getting one error :
140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1
unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112

Can you please give some suggestions on this .

OpenSIPS starts successfully without errors and the following command shows
listening on the correct port:
netstat -tapen | grep 5071
tcp        0      0 192.168.0.105:5071      0.0.0.0:*               LISTEN
     0          87130      9179/opensips

I made some changes in the tls configuration . other than this same as
before .

socket=udp:192.168.0.105:5060 as devang.com:5060
socket=tcp:192.168.0.105:5060 as devang.com:5060
socket=tls:192.168.0.105:5071 as devang.com:5071

modparam("tls_mgm", "match_ip_address", "[dom1]1.2.3.4:5071")


At the time of calling, I get this error .

ERROR:tls_openssl:openssl_tls_async_connect: New TLS connection to
192.168.0.105:44853 failed
ERROR:tls_openssl:openssl_tls_async_connect: TLS error: 1 (ret=-1)
err=Success(0)
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure
ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!

I tried setting all the tls version methods as 'tls_method' in opensips
config but the same error occurred.  Please advise how to resolve this
SSL23 handshake failure.

Regards
Devang Dhandhalya

-- 
*Disclaimer*
In addition to generic Disclaimer which you have agreed on our 
website, any views or opinions presented in this email are solely those of 
the originator and do not necessarily represent those of the Company or its 
sister concerns. Any liability (in negligence, contract or otherwise) 
arising from any third party taking any action, or refraining from taking 
any action on the basis of any of the information contained in this email 
is hereby excluded.



*Confidentiality*
This communication (including any 
attachment/s) is intended only for the use of the addressee(s) and contains 
information that is PRIVILEGED AND CONFIDENTIAL. Unauthorized reading, 
dissemination, distribution, or copying of this communication is 
prohibited. Please inform originator if you have received it in error.


*Caution for viruses, malware etc.*
This communication, including any 
attachments, may not be free of viruses, trojans, similar or new 
contaminants/malware, interceptions or interference, and may not be 
compatible with your systems. You shall carry out virus/malware scanning on 
your own before opening any attachment to this e-mail. The sender of this 
e-mail and Company including its sister concerns shall not be liable for 
any damage that may incur to you as a result of viruses, incompleteness of 
this message, a delay in receipt of this message or any other computer 
problems. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20211122/2e662bfd/attachment-0001.html>

More information about the Users mailing list