13 Sep
2010
13 Sep
'10
5:40 a.m.
Am 13.09.2010 11:10, schrieb peter_green lion:
enable_tls=1
tcp_async=no
listen=tls:192.168.1.81:5060
The default is for TLS is port 5061.
modparam("tls", "tls_method", "TLSv1")
modparam("tls", "tls_method", "SSLv23")
You can not use TLS and SSL - only on e or the other. SIP is
standardized with TLSv1. Thus you should remove SSLv23 unless you
explicitely know that the client can not handle TLSv1 (then the client
would be buggy)
modparam("tls", "certificate",
"ser1_cert.pem")
modparam("tls", "private_key", "privkey.pem")
modparam("tls", "ca_list", "cacert.pem")
modparam("tls", "verify_certificate", 1)
modparam("tls",
"require_certificate", 1)
Here is the problem: You have configured Kamailio to require a client
certificate. Usually the SIP client does not have a TLS client
certificate, thus Kamailio will terminate the TLS connection with
handshake error. Set
modparam("tls", "require_certificate", 0)
and at least it should work with the "openssl s_client" tool.
regards
Klaus