My first thought is that something is wrong with the SSL ciphers on the server where Kamailio is running, this is the list I'm getting from the MS in the Client Hello packet:
On Fri, 24 Feb 2023 at 08:31, Sergey Safarov <
s.safarov@gmail.com> wrote:
>
> You can capture pcap via TLS port and check using Wireshark.
> It may provided some info.
>
> On Thu, Feb 23, 2023, 8:33 PM <
iliusha.md@gmail.com> wrote:
>>
>> Hello,
>>
>> We have one Kamailio Instance connected with MS Teams (based on this instruction:
https://skalatan.de/en/blog/kamailio-sbc-teams), which worked fine for a while until recently we noticed that calls from teams are not working anymore. When I looked through the logs I found that Microsoft cannot establish a TLS connection to our server because of the cipher:
>> TLS accept:error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher (sni:
sbc.example.com - domain is obfuscated).
>> Certificate is valid, the configuration is below:
>>
>> [server:default]
>> method = TLSv1.2+
>> verify_certificate = no
>> require_certificate = no
>> private_key = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.key>> certificate = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.crt>> server_name =
sbc1-teams.example.net>> ca_list = /usr/local/etc/kamailio/certs/sectigo_ca.pem
>> #ca_list=/etc/ssl/certs/ca-bundle.crt
>>
>> [client:default]
>> method = TLSv1.2+
>> verify_certificate = no
>> require_certificate = no
>> private_key = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.key>> certificate = /usr/local/etc/kamailio/certs/
example.net/sbc1-teams_example_net.crt>> ca_list = /usr/local/etc/kamailio/certs/sectigo_ca.pem
>> #ca_list=/etc/ssl/certs/ca-bundle.crt
>>
>> We use a certificate from Sectigo, but I've tried with Let's Encrypt - and it's the same. Any idea what could be the reason?
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>> To unsubscribe send an email to
sr-users-leave@lists.kamailio.org>> Important: keep the mailing list in the recipients, do not reply only to the sender!
>> Edit mailing list options or unsubscribe:
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to
sr-users-leave@lists.kamailio.org> Important: keep the mailing list in the recipients, do not reply only to the sender!
> Edit mailing list options or unsubscribe: