<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">Hi Guys<div><br></div><div>I am getting a strange tls error and not sure why</div><div>my kamailio config is</div><div><br></div><div><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!define WITH_TLS</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!ifdef WITH_TLS</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">enable_tls=</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">1</span></p><p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:400;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255);letter-spacing:normal;white-space:normal"><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">listen=</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">tls:<a href="http://1.2.3.4:5061">1.2.3.4:5061</a></span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">/* upper limit for TLS connections */</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">tls_max_connections=</span><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)">2048</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!endif</span></p></div><div><br></div><div><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!ifdef WITH_TLS</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">loadmodule "tls.so"</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!endif</span></p></div><div><br></div><div><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!ifdef WITH_TLS</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"># ----- tls params -----</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">modparam("tls", "config", "/usr/local/etc/kamailio/tls.cfg")</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(50,244,241)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">#!endif</span></p></div><div><br></div><div>###tls.cfg</div><div><br></div><div><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(128,255,167)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">[server:default]</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">method =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> TLSv1.2+</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">verify_certificate =</span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)"> </span><span class="gmail-s4" style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">yes</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">require_certificate =</span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)"> </span><span class="gmail-s4" style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">yes</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">private_key =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> /usr/local/etc/kamailio/certs/privkey.pem</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">certificate =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> /usr/local/etc/kamailio/certs/cert.crt</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">ca_list =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> /usr/local/etc/kamailio/certs/cacert.pem</span></p><p class="gmail-p4" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-weight:400;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);min-height:13px;letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"></span><br></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(128,255,167)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">[client:default]</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">method =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> TLSv1.2+</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">verify_certificate =</span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)"> </span><span class="gmail-s4" style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">yes</span></p><p class="gmail-p3" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);letter-spacing:normal;white-space:normal"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">require_certificate =</span><span class="gmail-s3" style="font-variant-ligatures:no-common-ligatures;color:rgb(251,30,255)"> </span><span class="gmail-s4" style="font-variant-ligatures:no-common-ligatures;color:rgb(235,239,24)">yes</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">private_key =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> /usr/local/etc/kamailio/certs/privkey.pem</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">certificate =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> /usr/local/etc/kamailio/certs/cert.crt</span></p><p class="gmail-p2" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(251,30,255)"><span class="gmail-s2" style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0)">ca_list =</span><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures"> /usr/local/etc/kamailio/certs/cacert.pem</span></p></div><div><br></div><div><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8708]: INFO: {1 1 OPTIONS 84bbc013-5cd1-43a7-a240-106ec00aa628} <core> [core/tcp_main.c:2948]: tcpconn_1st_send(): quick connect for 0x7f776544c978 sock 13</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8711]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8711]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS accept:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8711]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 1.2.3.4</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8711]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 1.2.3.4</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8711]: ERROR: <core> [core/tcp_read.c:1473]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f7765419b50 r: 0x7f7765419c78 (-1)</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8712]: ERROR: tls [tls_server.c:1283]: tls_h_read_f(): protocol level error</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8712]: ERROR: tls [tls_server.c:1287]: tls_h_read_f(): source IP: 1.2.3.4</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8712]: ERROR: tls [tls_server.c:1290]: tls_h_read_f(): destination IP: 1.2.3.4</span></p><p class="gmail-p1" style="margin:0px;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:11px;line-height:normal;font-family:Menlo;color:rgb(0,0,0)"><span class="gmail-s1" style="font-variant-ligatures:no-common-ligatures">Sep 24 10:31:07kama1 /usr/local/sbin/kamailio[8712]: ERROR: <core> [core/tcp_read.c:1473]: tcp_read_req(): ERROR: tcp_read_req: error reading - c: 0x7f776544c978 r: 0x7f776544caa0 (-1)</span></p></div></div></div></div></div></div></div></div>