Hi all, I'm trying to use the TLS module to allow secure communication between Kamailio server v. 3.1.3, as registrar and presence server, and my PC client. I'm using SIP Communicator (Jitsi).
When the PC client opens the SSL connection to the Kamailio server for Register/Subscriber/Publish messages, all seems OK. We see the PC client send "Client Hello" and Kamailio answer "Server Hello"; then they exchange the SIP messages (Register/Subscriber/Publish and their answers).
We observed a strange behavior: when Kamailio tries to send the Notify to the PC client, it opens a new SSL connection as a client from Kamailio to the PC client and sends the "Client Hello" to the PC client, but the PC client sends a Handshake Failure (40) fatal error back to Kamailio.
Here are the doubts:
- Why does Kamailio open a new SSL connection to the PC in order to send the Notify even though the SSL connection is already opened by the PC?
- Is it a problem of the PC client, which cannot act as an SSL server?
Is it a PC client's problem or Kamailio's problem?
The error on the Kamailio side is:
/usr/sbin/kamailio[4483]: ERROR: tls [tls_server.c:1174]: TLS connect:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
/usr/sbin/kamailio[4483]: ERROR: <core> [tcp_read.c:882]: ERROR: tcp_read_req: error reading
Could you please suggest another SIP client supporting the TLS protocol?
Thanks and kind regards.
laura
laura testi writes:
Is it a PC client's problem or Kamailio's problem?
The error on the Kamailio side is:
/usr/sbin/kamailio[4483]: ERROR: tls [tls_server.c:1174]: TLS connect:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
/usr/sbin/kamailio[4483]: ERROR: <core> [tcp_read.c:882]: ERROR: tcp_read_req: error reading
the problem may be with your config file. this works for me for reuse of tcp (tls) connections:
http://sip-router.org/wiki/tutorials/alias-example
-- juha
i simplified the tutorial by removing the option of NOT re-using tcp/tls connections:
http://sip-router.org/wiki/tutorials/alias-example
-- juha
Yes, the problem is that the SIP client cannot act as a TLS server, as it does not have a TLS certificate.
You need a mapping of "user" to "TCP/TLS connection" to reuse the existing connection (opened by the user). Kamailio does not automatically store such a mapping, but you can fake such a mapping by rewriting the client's Contact URI to store the TCP connection settings and use it when sending requests to the client.
The solution was already described by Juha.
regards
klaus
On 22.04.2011 19:22, laura testi wrote:
Hi all, I'm trying to use the TLS module to allow secure communication between Kamailio server v. 3.1.3, as registrar and presence server, and my PC client. I'm using SIP Communicator (Jitsi).
When the PC client opens the SSL connection to the Kamailio server for Register/Subscriber/Publish messages, all seems OK. We see the PC client send "Client Hello" and Kamailio answer "Server Hello"; then they exchange the SIP messages (Register/Subscriber/Publish and their answers).
We observed a strange behavior: when Kamailio tries to send the Notify to the PC client, it opens a new SSL connection as a client from Kamailio to the PC client and sends the "Client Hello" to the PC client, but the PC client sends a Handshake Failure (40) fatal error back to Kamailio.
Here are the doubts:
- Why does Kamailio open a new SSL connection to the PC in order to send the Notify even though the SSL connection is already opened by the PC?
- Is it a problem of the PC client, which cannot act as an SSL server?
Is it a PC client's problem or Kamailio's problem?
The error on the Kamailio side is:
/usr/sbin/kamailio[4483]: ERROR: tls [tls_server.c:1174]: TLS connect:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
/usr/sbin/kamailio[4483]: ERROR: <core> [tcp_read.c:882]: ERROR: tcp_read_req: error reading
Could you please suggest another SIP client supporting the TLS protocol?
Thanks and kind regards.
laura
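
Added example, not part of the original thread and not Kamailio code: a Python model of the Contact-rewriting approach described in Klaus's reply, showing why the NOTIFY reuses the client's TLS connection only when the mapping is stored. The `alias` parameter layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
import re

# Assumed layout for this example: ;alias=<ip>~<port>~<proto>
ALIAS_RE = re.compile(r";alias=([^~;]+)~(\d+)~(\w+)")
URI_RE = re.compile(r"sips?:(?:[^@;]+@)?([^:;]+)(?::(\d+))?(?:.*?;transport=(\w+))?")


def add_alias(contact_uri, src_ip, src_port, proto):
    """Record the connection a request arrived on inside its Contact URI."""
    # An alias supplied by the client is discarded: only the source address
    # the server observed itself is stored.
    clean = ALIAS_RE.sub("", contact_uri)
    return f"{clean};alias={src_ip}~{src_port}~{proto}"


def resolve_destination(stored_contact):
    """Return (request_uri, (ip, port, proto)) for a request to the client."""
    m = ALIAS_RE.search(stored_contact)
    if m:
        # Strip the alias so the client sees the Contact it originally sent.
        return ALIAS_RE.sub("", stored_contact), (m[1], int(m[2]), m[3])
    host, port, proto = URI_RE.match(stored_contact).groups()
    proto = proto or "udp"
    return stored_contact, (host, int(port or (5061 if proto == "tls" else 5060)), proto)


def send(open_connections, dest):
    """Reuse a connection the client opened, else dial out to `dest`."""
    if dest in open_connections:
        return "reused"
    # Dialling out makes the server the TLS client; the peer must then act
    # as a TLS server, which fails when it has no certificate.
    return "new-connection"


# Constructed sample: client behind 198.51.100.7:49152 registers over TLS.
CONTACT = "sip:laura@192.168.1.20:5061;transport=tls"
OPEN = {("198.51.100.7", 49152, "tls")}

if __name__ == "__main__":
    for stored in (CONTACT, add_alias(CONTACT, "198.51.100.7", 49152, "tls")):
        ruri, dest = resolve_destination(stored)
        print(stored, "->", ruri, dest, send(OPEN, dest))
```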