[OpenSIPS-Users] TLS Handshake fail issue

Jehanzaib Younis jehanzaib.kiani at gmail.com
Mon Nov 22 21:09:44 EST 2021


Looks like the domain name you are using does not match the
certificate name.
I have also noticed you are using tlsv1; it is better to generate the
certificate with tlsv1.2 or tlsv1.3.


Regards,
Jehanzaib


On Tue, Nov 23, 2021 at 1:58 AM Devang Dhandhalya <
devang.dhandhalya at ecosmob.com> wrote:

> Hello Vlad,
>
> Thanks for your response. I used this command to check the connection:
> openssl s_client -showcerts -debug -connect 192.168.0.105:5071 -bugs
> Please let me know if there are any other commands to check.
>
> CONNECTED(00000005)
> write to 0x561a52aa46b0 [0x561a52ab4eb0] (517 bytes => 517 (0x205))
> 140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1
> unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 517 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> In this TLS connection I am getting one error:
> 140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1
> unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
>
> Can you please give some suggestions on this?
>
> OpenSIPS starts successfully without errors and the following command
> shows listening on the correct port:
> netstat -tapen | grep 5071
> tcp        0      0 192.168.0.105:5071      0.0.0.0:*
> LISTEN      0          87130      9179/opensips
>
> I made some changes in the TLS configuration. Other than this, it is the
> same as before.
>
> socket=udp:192.168.0.105:5060 as devang.com:5060
> socket=tcp:192.168.0.105:5060 as devang.com:5060
> socket=tls:192.168.0.105:5071 as devang.com:5071
>
> modparam("tls_mgm", "match_ip_address", "[dom1]1.2.3.4:5071")
>
>
> At the time of calling, I get this error:
>
> ERROR:tls_openssl:openssl_tls_async_connect: New TLS connection to
> 192.168.0.105:44853 failed
> ERROR:tls_openssl:openssl_tls_async_connect: TLS error: 1 (ret=-1)
> err=Success(0)
> ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure
> ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!
>
> I tried setting all the TLS version methods as 'tls_method' in the OpenSIPS
> config but the same error occurred. Please advise how to resolve this
> SSL23 handshake failure.
>
> Regards
> Devang Dhandhalya
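Added example, not part of the original thread: a decoder for the two OpenSSL error codes quoted above. It assumes the OpenSSL 1.x error packing (8-bit library, 12-bit function, 12-bit reason), which the `error:14094458:SSL routines:ssl3_read_bytes:` format suggests; the function and variable names are illustrative. In that packing a libssl reason above 1000 is a TLS alert received from the peer, so the decoder shows which alert the remote side sent.

```python
import re

# TLS alert numbers -> names (RFC 8446 section 6; 112 is defined in RFC 6066).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    48: "unknown_ca",
    70: "protocol_version",
    112: "unrecognized_name",
}

ERR_LIB_SSL = 20             # library number of libssl in OpenSSL error codes
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts sent by the peer
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(line):
    """Decode the packed 'error:XXXXXXXX:' code in an OpenSSL 1.x log line.

    Returns a dict with lib/func/reason and, when the reason encodes an alert
    received from the peer, its number and name. Returns None if no code found.
    """
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib = (code >> 24) & 0xFF      # top 8 bits: library
    func = (code >> 12) & 0xFFF    # middle 12 bits: function
    reason = code & 0xFFF          # low 12 bits: reason
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": alert, "alert_name": TLS_ALERTS.get(alert)}


# The two error lines quoted in this thread, with the mail line wraps joined.
SAMPLES = [
    "140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1 "
    "unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112",
    "ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:14094410:SSL "
    "routines:ssl3_read_bytes:sslv3 alert handshake failure",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(decode_openssl_error(sample))
```

Both codes decode to alerts sent by the remote end of each connection: alert 112 (unrecognized_name) reached s_client from the server, and alert 40 (handshake_failure) reached OpenSIPS from the connecting client.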