<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>you trimmed the output, but I guess that the connection stayed
open and no errors were printed in kamailio logs.</p>
<p>That means, kamailio is doing ok. If the web browser has issues
connecting over tls, then the problem is somewhere else. Check the
logs/console of the browser to see if you get any hints there.</p>
<p>You can also list the tcp/tls connection via RPC and see if the
connection you expect is there.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 20.05.20 10:30, Chirag Desai wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAFbhCMHLudyU4pKE_PAr4Vw6HPC750D9KpjgKcsnUyEQPDmVfA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="auto">
<div dir="auto">Hi Daniel,</div>
<div dir="auto"><br>
</div>
<div dir="auto">This is the result:</div>
<div dir="auto"><br>
</div>
<div dir="auto">openssl s_client -connect <a
href="http://sip.mydomain.com:5061" moz-do-not-send="true">sip.mydomain.com:5061</a>
-tlsextdebug</div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<div dir="auto">CONNECTED(00000005)</div>
<div dir="auto">TLS server extension "supported versions"
(id=43), len=2</div>
<div dir="auto">0000 - 03 04
..</div>
<div dir="auto">TLS server extension "key share" (id=51), len=36</div>
<div dir="auto">0000 - 00 1d 00 20 3b 06 9a e5-21 16 73 b1 db 04
55 47 ... ;.</div>
<div dir="auto">..!.s...UG</div>
<div dir="auto">0010 - 33 5a e0 98 af bf ba 3e-e6 0d 69 40 38 f8
c8 0b 3Z....</div>
<div dir="auto">.>..i@8...</div>
<div dir="auto">0020 - ed 79 f2 48
.y.H</div>
<div dir="auto">TLS server extension "server name" (id=0), len=0</div>
<div dir="auto">depth=2 O = Digital Signature Trust Co., CN =
DST Root CA X3</div>
<div dir="auto">verify return:1</div>
<div dir="auto">depth=1 C = US, O = Let's Encrypt, CN = Let's
Encrypt Authority</div>
<div dir="auto"> X3</div>
<div dir="auto">verify return:1</div>
<div dir="auto">depth=0 CN = <a href="http://sip.mydomain.com"
moz-do-not-send="true">sip.mydomain.com</a></div>
<div dir="auto">verify return:1</div>
<div dir="auto">---</div>
<div dir="auto">Certificate chain</div>
<div dir="auto"> 0 s:CN = <a href="http://sip.mydomain.com"
moz-do-not-send="true">sip.mydomain.com</a></div>
<div dir="auto"> i:C = US, O = Let's Encrypt, CN = Let's
Encrypt Authority X3</div>
<div dir="auto"> 1 s:C = US, O = Let's Encrypt, CN = Let's
Encrypt Authority X3</div>
<div dir="auto"> i:O = Digital Signature Trust Co., CN = DST
Root CA X3</div>
<div dir="auto">---</div>
<div dir="auto">Server certificate</div>
<div dir="auto">-----BEGIN CERTIFICATE-----</div>
<div dir="auto"><br>
</div>
<div dir="auto">[REDACTED]</div>
<div dir="auto"><br>
</div>
<div dir="auto">-----END CERTIFICATE-----</div>
<div dir="auto">subject=CN = <a href="http://sip.mydomain.com"
moz-do-not-send="true">sip.mydomain.com</a></div>
<div dir="auto"><br>
</div>
<div dir="auto">issuer=C = US, O = Let's Encrypt, CN = Let's
Encrypt Authority</div>
<div dir="auto">X3</div>
<div dir="auto"><br>
</div>
<div dir="auto">---</div>
<div dir="auto">No client certificate CA names sent</div>
<div dir="auto">Peer signing digest: SHA256</div>
<div dir="auto">Peer signature type: RSA-PSS</div>
<div dir="auto">Server Temp Key: X25519, 253 bits</div>
<div dir="auto">---</div>
<div dir="auto">SSL handshake has read 3115 bytes and written
400 bytes</div>
<div dir="auto">Verification: OK</div>
<div dir="auto">---</div>
<div dir="auto">New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384</div>
<div dir="auto">Server public key is 2048 bit</div>
<div dir="auto">Secure Renegotiation IS NOT supported</div>
<div dir="auto">Compression: NONE</div>
<div dir="auto">Expansion: NONE</div>
<div dir="auto">No ALPN negotiated</div>
<div dir="auto">Early data was not sent</div>
<div dir="auto">Verify return code: 0 (ok)</div>
<div dir="auto">---</div>
<div dir="auto">read:errno=0</div>
<div dir="auto"><br>
</div>
<div class="gmail_quote" dir="auto">
<div dir="ltr" class="gmail_attr"><br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div> </div>
</blockquote>
</div>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Funding: <a class="moz-txt-link-freetext" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre>
</body>
</html>