Hello Kamailio!

I'm etting up a kamailio server where it will receive STIP TLS connections from Zoom.

kamailio is closing TLS connections with error stating "SSL routines::no shared cipher (sni: unknown)" as below

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) DEBUG: tls [tls_server.c:270]: tls_complete_init(): Using initial TLS domain TLSs<default> (dom 0x7fbcd1e9dac8 ctx 0x7fbcd2229258 sn [])

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) DEBUG: tls [tls_domain.c:1018]: tls_server_name_cb(): SSL_get_servername returned NULL: return SSL_TLSEXT_ERR_NOACK

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) DEBUG: <core> [core/tcp_main.c:2845]: tcpconn_do_send(): sending...

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) DEBUG: <core> [core/tcp_main.c:2881]: tcpconn_do_send(): after real write: c= 0x7fbcd3cb85d0 n=7 fd=8

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) DEBUG: <core> [core/tcp_main.c:2882]: tcpconn_do_send(): buf=

Sep 18 13:28:02 dalia kamailio[18529]: [3B blob data]

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) ERROR: tls [tls_server.c:1312]: tls_h_read_f(): protocol level error

Sep 18 13:28:02 dalia kamailio[18529]:  9(18529) ERROR: tls [tls_util.h:49]: tls_err_ret(): TLS accept:error:0A0000C1:SSL routines::no shared cipher (sni: unknown)

did a tcpdump trace to check the ciphers Zoom are using in the TLS client hello, and there are 4 and are supported by openssl on TLSv1.2, BUT the reis no server_name extension in the client hello.

is this related to kamailio refusing the connection because there is no server_name in the client hello or something else?, if yes can it be forced to accept TLS connection without server_name specified ?

my tls.cfg file is below

[server:default]

method = TLSv1.2

verify_certificate = no

require_certificate = no

private_key = /etc/kamailio/key.pem

certificate = /etc/kamailio/certificate.pem

ca_list = /etc/ssl/certs/ca-certificates.crt

ca_path = /etc/ssl/certs

[client:default]

method = TLSv1.2+

verify_certificate = no

require_certificate = no