Debug output below:
``` ~$ openssl s_client -servername sni.example.com -tlsextdebug -connect kamailio.ip:5061 CONNECTED(00000005) TLS server extension "renegotiation info" (id=65281), len=1 0000 - 00 . TLS server extension "session ticket" (id=35), len=0 depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 depth=0 CN = sip.domain.com verify return:1 --- Certificate chain 0 s:CN = sip.domain.com i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -----BEGIN CERTIFICATE----- <SNIP> -----END CERTIFICATE----- subject=CN = sip.domain.com
issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
--- No client certificate CA names sent --- SSL handshake has read 3084 bytes and written 643 bytes Verification: OK --- New, SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: E3A3D9D68F13161B4FFA1DCA287A79A4DC168F52A52545EF609059990B10CE47 Session-ID-ctx: Master-Key: B49446FC32E2CD4FE6D0AFCF27A936AB2A3AE1BE277E3F84F21EB6592AE13B7D4E3D629A957ACB64C1C6A0A0D5EB437B PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 60 4c 56 29 08 8f 27 53-cd 5f e9 4f 2e e9 1a 66 `LV)..'S._.O...f 0010 - 3a 3d e2 e5 54 8b 28 6c-73 f0 cd 54 d4 f9 00 92 :=..T.(ls..T.... 0020 - 42 94 26 05 f6 f2 d7 45-c1 31 d8 c3 5d 1b 59 6d B.&....E.1..].Ym 0030 - f9 6e 56 e8 03 1c 27 89-40 3e 04 e7 a5 1e c5 18 .nV...'.@>...... 0040 - 50 26 12 b8 a8 42 cc 77-41 ef fd 03 12 ff c9 d9 P&...B.wA....... 0050 - f0 93 cc 82 61 29 e4 99-33 f1 56 eb 82 82 58 ac ....a)..3.V...X. 0060 - 80 84 d1 9e 85 bb 45 c0-50 50 25 5d 4d e7 c0 b6 ......E.PP%]M... 0070 - 34 22 94 a9 93 35 2c 5d-78 22 14 b1 bb 90 f3 02 4"...5,]x"...... 0080 - fb 9d f9 f0 e0 1b 67 a9-98 a9 88 94 4e d4 70 0c ......g.....N.p. 0090 - 91 38 fb 79 bb 94 3b e2-8e 8b ea ee a0 0d 26 d7 .8.y..;.......&. 00a0 - 19 84 9b cb f0 70 c1 b7-2a b9 09 b3 7a 4a 4f 7a .....p..*...zJOz 00b0 - da 99 49 c0 2d b3 2e 00-d3 37 e1 7e 16 fa 17 8d ..I.-....7.~....
Start Time: 1556628284 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no ```