[sr-dev] [kamailio/kamailio] Kamailio 5.4.3 Tls connection issue (#2357)

Kamailio close the TCP connection whenever the client sends a request .i am observing two different behavior. when I configure "listen=tls:10.66.60.190:5061 advertise 54.214.14.120:5061" in kamailio.cfg tcp connection closed immediately(RST,ACK) upon receiving of client TCP (SYN) message. when I configured "listen=tcp:10.66.60.190:5061 advertise 54.214.14.120:5061" in kamailio.cfg tcp connection closed after "Client Hello" in TLSv1. ####### Global Parameters ######### ### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR #!ifdef WITH_DEBUG debug=4 log_stderror=yes #!else debug=4 log_stderror=no #!endif memdbg=5 memlog=5 log_facility=LOG_LOCAL0 log_prefix="{$mt $hdr(CSeq) $ci} " /* number of SIP routing processes for each UDP socket * - value inherited by tcp_children and sctp_children when not set explicitely */ children=8 /* uncomment the next line to disable TCP (default on) */ # disable_tcp=yes /* number of SIP routing processes for all TCP/TLS sockets */ tcp_children=8 /* uncomment the next line to disable the auto discovery of local aliases * based on reverse DNS on IPs (default on) */ # auto_aliases=no /* add local domain aliases */ #alias="sip.mydomain.com" /* uncomment and configure the following line if you want Kamailio to * bind on a specific interface/port/proto (default bind on all available) */ listen=tls:10.60.16.149:5061 advertise 54.204.184.189:5061 listen=udp:10.60.16.149:5070 /* life time of TCP connection when there is no traffic * - a bit higher than registration expires to cope with UA behind NAT */ tcp_connection_lifetime=3605 /* upper limit for TCP connections (it includes the TLS connections) */ tcp_max_connections=2048 #!ifdef WITH_TLS enable_tls=yes /* upper limit for TLS connections */ tls_max_connections=2048 #!endif #!ifdef WITH_TLS loadmodule "tls.so" #!endif #!ifdef WITH_TLS # ----- tls params ----- modparam("tls", "config", "/etc/kamailio/tls.cfg") #!endif tls.cfg: [server:default] method = TLSv1.0 verify_certificate = no require_certificate = no private_key = /etc/kamailio/privkey.pem certificate = /etc/kamailio/kamailio1_cert.pem #ca_list = /etc/kamailio/calist.pem #crl = /etc/kamailio/tls/crl.pem # --- # This is the default client domain profile. # Settings in this domain will be used for all outgoing # TLS connections that do not match any other # client domain in this configuration file. # We require that servers present valid certificate. # [client:default] #method = TLSv1.2+ verify_certificate = yes require_certificate = yes -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/2357