Hello,

looks like client side is doing renegotiation, which is disabled by default:

  * https://www.kamailio.org/docs/modules/devel/modules/tls.html#tls.p.renegotiation

Cheers,
Daniel

On 19.11.19 21:22, Andrew Chen wrote:
Hi guys,

I was wondering if someone can help decipher what these few lines mean?

Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: tls [tls_server.c:431]: tls_accept(): tls_accept: new connection from 10.94.98.18:51698 using TLSv1.3 TLS_AES_256_GCM_SHA384 256
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: tls [tls_server.c:434]: tls_accept(): tls_accept: local socket: 206.81.191.45:443
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: tls [tls_server.c:445]: tls_accept(): tls_accept: client did not present a certificate
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: tls [tls_server.c:1189]: tls_read_f(): Reading on a renegotiation of connection (n:1652) (0)
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: <core> [core/tcp_read.c:1527]: tcp_read_req(): EOF
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: <core> [core/io_wait.h:602]: io_watch_del(): DBG: io_watch_del (0x56367f8b8f80, 12, -1, 0x10) fd_no=2 called
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: <core> [core/tcp_read.c:1680]: release_tcpconn(): releasing con 0x7fcfc20c57b0, state -1, fd=12, id=23 ([10.94.98.18]:51698 -> [10.94.98.18]:443)
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21501]: DEBUG: <core> [core/tcp_read.c:1684]: release_tcpconn(): extra_data 0x7fcfc2089f88
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21517]: DEBUG: <core> [core/tcp_main.c:3320]: handle_tcp_child(): reader response= 7fcfc20c57b0, -1 from 16
Nov 19 20:12:50 sjomainkama51 /usr/sbin/kamailio[21517]: DEBUG: tls [tls_server.c:683]: tls_h_close(): Closing SSL connection 0x7fcfc2089f88

Bottom line is kamailio closed the connection and I have method setting to this:

root@sjomainkama51:/etc/kamailio # grep method tls.cfg
method = TLSv1.1+

Supposedly this should work?

--
Andy Chen
Sr. Telephony Lead Engineer



*Confidentiality Notice: The information contained in this e-mail and any
attachments may be confidential. If you are not an intended recipient, you
are hereby notified that any dissemination, distribution or copying of this
e-mail is strictly prohibited. If you have received this e-mail in error,
please notify the sender and permanently delete the e-mail and any
attachments immediately. You should not retain, copy or use this e-mail or
any attachment for any purpose, nor disclose all or any part of the
contents to any other person. Thank you.* 
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference - April 27-29, 2020, in Berlin -- www.kamailioworld.com