[sr-dev] [kamailio/kamailio] Kamailio not using SNI in incoming requests (#1938)

Laszlo notifications at github.com
Tue Apr 30 14:47:42 CEST 2019


Debug output below:

```
~$ openssl s_client -servername sni.example.com -tlsextdebug -connect kamailio.ip:5061
CONNECTED(00000005)
TLS server extension "renegotiation info" (id=65281), len=1
0000 - 00                                                .
TLS server extension "session ticket" (id=35), len=0
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = sip.domain.com
verify return:1
---
Certificate chain
 0 s:CN = sip.domain.com
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
<SNIP>
-----END CERTIFICATE-----
subject=CN = sip.domain.com

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

---
No client certificate CA names sent
---
SSL handshake has read 3084 bytes and written 643 bytes
Verification: OK
---
New, SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: E3A3D9D68F13161B4FFA1DCA287A79A4DC168F52A52545EF609059990B10CE47
    Session-ID-ctx: 
    Master-Key: B49446FC32E2CD4FE6D0AFCF27A936AB2A3AE1BE277E3F84F21EB6592AE13B7D4E3D629A957ACB64C1C6A0A0D5EB437B
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - 60 4c 56 29 08 8f 27 53-cd 5f e9 4f 2e e9 1a 66   `LV)..'S._.O...f
    0010 - 3a 3d e2 e5 54 8b 28 6c-73 f0 cd 54 d4 f9 00 92   :=..T.(ls..T....
    0020 - 42 94 26 05 f6 f2 d7 45-c1 31 d8 c3 5d 1b 59 6d   B.&....E.1..].Ym
    0030 - f9 6e 56 e8 03 1c 27 89-40 3e 04 e7 a5 1e c5 18   .nV...'.@>......
    0040 - 50 26 12 b8 a8 42 cc 77-41 ef fd 03 12 ff c9 d9   P&...B.wA.......
    0050 - f0 93 cc 82 61 29 e4 99-33 f1 56 eb 82 82 58 ac   ....a)..3.V...X.
    0060 - 80 84 d1 9e 85 bb 45 c0-50 50 25 5d 4d e7 c0 b6   ......E.PP%]M...
    0070 - 34 22 94 a9 93 35 2c 5d-78 22 14 b1 bb 90 f3 02   4"...5,]x"......
    0080 - fb 9d f9 f0 e0 1b 67 a9-98 a9 88 94 4e d4 70 0c   ......g.....N.p.
    0090 - 91 38 fb 79 bb 94 3b e2-8e 8b ea ee a0 0d 26 d7   .8.y..;.......&.
    00a0 - 19 84 9b cb f0 70 c1 b7-2a b9 09 b3 7a 4a 4f 7a   .....p..*...zJOz
    00b0 - da 99 49 c0 2d b3 2e 00-d3 37 e1 7e 16 fa 17 8d   ..I.-....7.~....

    Start Time: 1556628284
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
```

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/1938#issuecomment-487938476
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20190430/f8d8e399/attachment.html>


More information about the sr-dev mailing list