In Wireshark I see an Alert Handshake failure, coming from the Kamailio server.
[image: image.png] The same in ssldump:
[image: image.png]
My first thought is that something is wrong with the SSL ciphers on the server where Kamailio is running, this is the list I'm getting from the MS in the Client Hello packet:
[image: image.png] Maybe the openssl version is too old on the server running kamailio? OpenSSL 1.0.2k-fips 26 Jan 2017
On Fri, 24 Feb 2023 at 08:31, Sergey Safarov s.safarov@gmail.com wrote:
You can capture pcap via TLS port and check using Wireshark. It may provided some info.
On Thu, Feb 23, 2023, 8:33 PM iliusha.md@gmail.com wrote:
Hello,
We have one Kamailio Instance connected with MS Teams (based on this
instruction: https://skalatan.de/en/blog/kamailio-sbc-teams), which worked fine for a while until recently we noticed that calls from teams are not working anymore. When I looked through the logs I found that Microsoft cannot establish a TLS connection to our server because of the cipher:
TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared
cipher (sni: sbc.example.com - domain is obfuscated).
Certificate is valid, the configuration is below:
[server:default] method = TLSv1.2+ verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.key
certificate = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.crt
server_name = sbc1-teams.example.net ca_list = /usr/local/etc/kamailio/certs/sectigo_ca.pem #ca_list=/etc/ssl/certs/ca-bundle.crt
[client:default] method = TLSv1.2+ verify_certificate = no require_certificate = no private_key = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.key
certificate = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.crt
ca_list = /usr/local/etc/kamailio/certs/sectigo_ca.pem #ca_list=/etc/ssl/certs/ca-bundle.crt
We use a certificate from Sectigo, but I've tried with Let's Encrypt -
and it's the same. Any idea what could be the reason?
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-leave@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
