[OpenSIPS-Users] TLS problem

Volkan Oransoy voransoy at gmail.com
Fri Aug 26 15:14:53 UTC 2022


Hi all

We are having an issue with TLS connections on our lab setup on EC2 and
couldn't figure out a solution. Here are my logs and configs. WSS, UDP and
TCP connections work fine.

Honestly, I couldn't find a way to properly debug the problem other than
logs.

Thanks in advance for your help

Cheers

loadmodule "tls_mgm.so"
loadmodule "tls_openssl.so"
modparam("tls_mgm", "tls_library", "openssl")
modparam("tls_mgm", "client_sip_domain_avp", "tls_sip_dom")
modparam("tls_mgm", "server_domain", "test")
modparam("tls_mgm", "match_ip_address", "[test]*")
modparam("tls_mgm", "certificate", "[test]/etc/opensips/tls/server.crt")
modparam("tls_mgm", "private_key", "[test]/etc/opensips/tls/server.key")
modparam("tls_mgm", "tls_method", "[test]TLSv1-")
modparam("tls_mgm", "verify_cert", "[test]0")
modparam("tls_mgm", "require_cert", "[test]0")
modparam("proto_tls", "tls_max_msg_chunks", 16)
modparam("proto_tls", "tls_handshake_timeout", 200)

###########################################################################

Aug 26 14:06:22 [1927] INFO:tls_openssl:openssl_tls_accept: New TLS
connection from 11.22.33.44:9917 accepted
Aug 26 14:06:22 [1927] DBG:tls_openssl:openssl_tls_accept: new TLS
connection from 11.22.33.44:9917 using TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
256
Aug 26 14:06:22 [1927] DBG:tls_openssl:openssl_tls_accept: local socket:
172.16.0.142:5061
Aug 26 14:06:22 [1927] INFO:tls_openssl:openssl_tls_accept: Client did not
present a TLS certificate
Aug 26 14:06:22 [1927] INFO:tls_openssl:tls_dump_cert_info: tls_accept:
local TLS server certificate subject: /CN=*.example.com, issuer:
/C=GB/ST=Greater Manchester/L=Salford/O=Sectigo Limited/CN=Sectigo RSA
Domain Validation Secure Server CA
Aug 26 14:06:22 [1927] DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
Aug 26 14:06:22 [1927] DBG:proto_tls:tcp_handle_req: We didn't manage to
read a full request
Aug 26 14:06:22 [1927] DBG:proto_tls:tls_read_req: tls_read_req end
Aug 26 14:06:23 [1927] DBG:proto_tls:tls_read_req: Using the per connection
buff
Aug 26 14:06:23 [1927] DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
Aug 26 14:06:23 [1927] DBG:proto_tls:tls_read_req: EOF received
Aug 26 14:06:23 [1927] DBG:core:io_watch_del: [TCP_worker] io_watch_del op
on index 0 4 (0x55ef6f9b8080, 4, 0, 0x10,0x3) fd_no=5 called
Aug 26 14:06:23 [1927] DBG:core:tcpconn_release:  releasing con
0x7f883464d580, state -1, fd=-1, id=73191278
Aug 26 14:06:23 [1927] DBG:core:tcpconn_release:  extra_data 0x7f8834667ae0
Aug 26 14:06:23 [1929] DBG:core:handle_tcp_worker: response= 7f883464d580,
-1 from tcp worker 0 (1)
Aug 26 14:06:23 [1929] DBG:core:tcpconn_destroy: destroying connection
0x7f883464d580, flags 003c
Aug 26 14:06:23 [1929] DBG:tls_openssl:openssl_tls_update_fd: New fd is 89
Aug 26 14:06:23 [1929] DBG:core:probe_max_sock_buff: getsockopt: snd is
initially 425984
Aug 26 14:06:23 [1929] DBG:core:probe_max_sock_buff: using snd buffer of
416 kb
Aug 26 14:06:23 [1929] DBG:core:init_sock_keepalive: TCP keepalive enabled
on socket 89
Aug 26 14:06:23 [1929] DBG:core:print_ip: tcpconn_new: new tcp connection
to: 11.22.33.44
Aug 26 14:06:23 [1929] DBG:core:tcpconn_new: on port 43580, proto 3
Aug 26 14:06:23 [1929] DBG:core:tcpconn_add: hashes: 867, 879
Aug 26 14:06:23 [1929] DBG:core:handle_new_connect: new connection:
0x7f883464e098 89 flags: 001c
Aug 26 14:06:23 [1929] DBG:core:send2worker: to tcp worker 1 (0),
0x7f883464e098 rw 1
Aug 26 14:06:23 [1927] DBG:proto_tls:proto_tls_conn_init: looking up TLS
server domain [172.16.0.142:5061]
Aug 26 14:06:23 [1927] DBG:tls_mgm:tls_find_server_domain: found TLS server
domain: hcprod
Aug 26 14:06:23 [1927] DBG:tls_openssl:openssl_tls_conn_init: Creating a
whole new ssl connection
Aug 26 14:06:23 [1927] DBG:tls_openssl:openssl_tls_conn_init: Setting in
ACCEPT mode (server)
Aug 26 14:06:23 [1927] DBG:core:handle_io: We have received conn
0x7f883464e098 with rw 1 on fd 4
Aug 26 14:06:23 [1927] DBG:core:io_watch_add: [TCP_worker] io_watch_add op
(4 on 84) (0x55ef6f9b8080, 4, 19, 0x7f883464e098,1), fd_no=4/1024
Aug 26 14:06:23 [1927] DBG:proto_tls:tls_read_req: Using the global ( per
process ) buff
Aug 26 14:06:23 [1927] DBG:tls_openssl:openssl_tls_update_fd: New fd is 4
Aug 26 14:06:23 [1927] DBG:proto_tls:tls_read_req: SSL accept/connect still
pending!
Aug 26 14:06:23 [1927] DBG:proto_tls:tls_read_req: Using the global ( per
process ) buff
Aug 26 14:06:23 [1927] DBG:tls_openssl:openssl_tls_update_fd: New fd is 4

-- 
Volkan Oransoy