[sr-dev] [kamailio/kamailio] Kamailio 5.4.3 Tls connection issue (#2357)

uttameast notifications at github.com
Fri Jun 12 21:41:08 CEST 2020


Kamailio closes the TCP connection whenever the client sends a request. I am observing two different behaviors.

When I configure "listen=tls:10.66.60.190:5061 advertise 54.214.14.120:5061" in kamailio.cfg,
the TCP connection is closed immediately (RST, ACK) upon receipt of the client's TCP SYN.

When I configure "listen=tcp:10.66.60.190:5061 advertise 54.214.14.120:5061" in kamailio.cfg,
the TCP connection is closed after the client's TLSv1 "Client Hello".

####### Global Parameters #########

# NOTE(review): excerpt of the reporter's kamailio.cfg. No "#!define WITH_TLS"
# line is visible in this excerpt, yet every TLS setting below sits inside an
# "#!ifdef WITH_TLS" guard. Confirm the define exists earlier in the file;
# without it enable_tls is never set and the tls listen socket has no TLS
# stack behind it.

### LOG Levels: 3=DBG, 2=INFO, 1=NOTICE, 0=WARN, -1=ERR
#!ifdef WITH_DEBUG
debug=4
log_stderror=yes
#!else
# NOTE(review): same value as the WITH_DEBUG branch, i.e. above DBG on the
# scale listed above even when WITH_DEBUG is not defined. Useful while
# troubleshooting; at this verbosity the logs are likely to carry SIP message
# details, so lower it again and restrict log access afterwards.
debug=4
log_stderror=no
#!endif

# Memory-manager log levels. Presumably printed only when debug reaches these
# values, so at 5 they stay silent with debug=4 (confirm against core docs).
memdbg=5
memlog=5

log_facility=LOG_LOCAL0
# Prefix on every log line: message type, CSeq header and Call-ID.
log_prefix="{$mt $hdr(CSeq) $ci} "

/* number of SIP routing processes for each UDP socket
 * - value inherited by tcp_children and sctp_children when not set explicitely */
children=8

/* uncomment the next line to disable TCP (default on) */
# disable_tcp=yes

/* number of SIP routing processes for all TCP/TLS sockets */
tcp_children=8

/* uncomment the next line to disable the auto discovery of local aliases
 * based on reverse DNS on IPs (default on) */
# auto_aliases=no

/* add local domain aliases */
#alias="sip.mydomain.com"

/* uncomment and configure the following line if you want Kamailio to
 * bind on a specific interface/port/proto (default bind on all available) */
# NOTE(review): these addresses differ from the ones quoted in the message
# text above (10.66.60.190 / 54.214.14.120); presumably one set was edited
# before posting.
# The proto prefix decides how the socket is handled: "tls:" needs the tls
# module loaded and enable_tls=yes, while "tcp:" on port 5061 is a plain TCP
# SIP socket, so a TLS Client Hello arriving there is not a valid SIP message.
# That matches the second symptom described above.
listen=tls:10.60.16.149:5061 advertise 54.204.184.189:5061
listen=udp:10.60.16.149:5070

/* life time of TCP connection when there is no traffic
 * - a bit higher than registration expires to cope with UA behind NAT */
tcp_connection_lifetime=3605

/* upper limit for TCP connections (it includes the TLS connections) */
# Together with tls_max_connections this caps how many connections one
# instance will hold open, which bounds resource use under connection floods.
tcp_max_connections=2048

#!ifdef WITH_TLS
# Only evaluated when WITH_TLS is defined (see note at the top of this excerpt).
enable_tls=yes

/* upper limit for TLS connections */
tls_max_connections=2048
#!endif


# TLS module loading. Both statements are skipped unless WITH_TLS is defined,
# so check the startup log to confirm that tls.so was actually loaded.
#!ifdef WITH_TLS
loadmodule "tls.so"
#!endif
#!ifdef WITH_TLS
# ----- tls params -----
# Points the tls module at the profile file quoted below as tls.cfg. That file
# names the private key, so keep it and the key readable only by the
# Kamailio service account.
modparam("tls", "config", "/etc/kamailio/tls.cfg")
#!endif

tls.cfg:

# Default server profile: applied to incoming TLS connections that match no
# other server profile in this file.
[server:default]
# NOTE(review): TLS 1.0 is deprecated (RFC 8996). If this value pins the
# listener to TLS 1.0 only, clients that refuse TLS 1.0 will fail the
# handshake. The commented-out "TLSv1.2+" under [client:default] is the
# minimum-version form. Confirm accepted values against the tls module docs.
method = TLSv1.0
# Client certificates are neither verified nor required, so callers are not
# authenticated at the TLS layer; SIP-level authentication has to cover that.
verify_certificate = no
require_certificate = no
# Server key and certificate. The key file should be owned by the Kamailio
# service account and not readable by other users.
private_key = /etc/kamailio/privkey.pem
certificate = /etc/kamailio/kamailio1_cert.pem
# No CA bundle and no revocation list are configured for this profile.
#ca_list = /etc/kamailio/calist.pem
#crl = /etc/kamailio/tls/crl.pem

# ---
# This is the default client domain profile.
# Settings in this domain will be used for all outgoing
# TLS connections that do not match any other
# client domain in this configuration file.
# We require that servers present a valid certificate.
#
[client:default]
# Commented out, so the module's default method applies to outgoing
# connections (confirm which one that is for this build).
#method = TLSv1.2+
# NOTE(review): verification is on, but no ca_list appears in this profile.
# Confirm a CA bundle is supplied elsewhere; otherwise outgoing peers
# presumably cannot be validated.
verify_certificate = yes
require_certificate = yes



https://github.com/kamailio/kamailio/issues/2357