[OpenSIPS-Users] TLS Handshake fail issue
Devang Dhandhalya
devang.dhandhalya at ecosmob.com
Thu Nov 25 06:55:42 EST 2021
Hello Jehanzaib,
Thanks for your response. Actually, I generated the TLS server (rootCA) and
TLS client (user) certificates using opensips-cli.
Softphone: Blink version 5.1.7
OpenSIPS version: 3.2.2
I generated the certificates using the devang.com domain. I am implementing
this TLS support on a local machine. Can you please tell me how you know
that I generated the certificates using tlsv1?
Here is my first issue for the TLS handshake, with the OpenSIPS configuration
and debug-level logs:
http://lists.opensips.org/pipermail/users/2021-November/045320.html
And can you please tell me how to generate a certificate with tlsv1.2 or
tlsv1.3?
Regards,
Devang Dhandhalya
On Mon, Nov 22, 2021 at 6:27 PM Devang Dhandhalya <
devang.dhandhalya at ecosmob.com> wrote:
> Hello Vlad,
>
> Thanks for your response. I used this command to check the connection:
> openssl s_client -showcerts -debug -connect 192.168.0.105:5071 -bugs
> Please let me know if there are any other commands to check.
>
> CONNECTED(00000005)
> write to 0x561a52aa46b0 [0x561a52ab4eb0] (517 bytes => 517 (0x205))
> 140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1
> unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 517 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
>
> In this TLS connection I am getting one error:
> 140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1
> unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
>
> Can you please give some suggestions on this?
>
> OpenSIPS starts successfully without errors and the following command
> shows listening on the correct port:
> netstat -tapen | grep 5071
> tcp 0 0 192.168.0.105:5071 0.0.0.0:* LISTEN 0 87130 9179/opensips
>
> I made some changes to the TLS configuration. Other than this, it is the
> same as before.
>
> socket=udp:192.168.0.105:5060 as devang.com:5060
> socket=tcp:192.168.0.105:5060 as devang.com:5060
> socket=tls:192.168.0.105:5071 as devang.com:5071
>
> modparam("tls_mgm", "match_ip_address", "[dom1]1.2.3.4:5071")
>
>
> At the time of calling, I get this error:
>
> ERROR:tls_openssl:openssl_tls_async_connect: New TLS connection to
> 192.168.0.105:44853 failed
> ERROR:tls_openssl:openssl_tls_async_connect: TLS error: 1 (ret=-1)
> err=Success(0)
> ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure
> ERROR:proto_tls:tls_read_req: failed to do pre-tls handshake!
>
> I tried setting all the tls version methods as 'tls_method' in opensips
> config but the same error occurred. Please advise how to resolve this
> SSL23 handshake failure.
>
> Regards
> Devang Dhandhalya
>
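Added example, not part of the original message and not OpenSIPS or OpenSSL code: a small decoder for the two OpenSSL error codes quoted above, showing that each one carries a TLS alert received from the peer (112 is unrecognized_name, the alert RFC 6066 defines for the server_name/SNI extension; 40 is handshake_failure). It assumes the OpenSSL 1.1.x error-code packing (8-bit library, 12-bit function, 12-bit reason); the function names `decode` and `scan` and the sample text are constructed for this illustration.

```python
import re

# Constructed sample: the two OpenSSL error lines quoted in the message above,
# with the mail client's line wrapping joined back together.
SAMPLE = """\
140663188505024:error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name:../ssl/record/rec_layer_s3.c:1528:SSL alert number 112
ERROR:tls_openssl:tls_print_errstack: TLS errstack: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
"""

ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts sent by the peer

# TLS alert descriptions (RFC 8446 section 6, RFC 6066); handshake-related subset.
ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
    112: "unrecognized_name", 116: "certificate_required",
    120: "no_application_protocol",
}


def decode(code_hex):
    """Split an OpenSSL 1.1.x packed error code (assumed layout) into its fields."""
    code = int(code_hex, 16)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    # Only libssl reasons in the 1001..1255 window encode a received alert.
    if lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET < reason <= SSL_AD_REASON_OFFSET + 255:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "name": ALERTS.get(alert)}


def scan(text):
    """Return one decoded record per 'error:XXXXXXXX:' token found in text."""
    return [decode(m.group(1)) for m in re.finditer(r"error:([0-9A-Fa-f]{8}):", text)]


if __name__ == "__main__":
    for rec in scan(SAMPLE):
        print(rec)
```

Both failures are alerts raised by the remote side during the handshake, so the decoded alert name says which end rejected the connection and on what grounds.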