[SR-Users] sip over tls is not working

Peter Dunkley peter.dunkley at crocodile-rcs.com
Wed Jul 11 21:33:22 CEST 2012 

Hi,

I have just built Kamailio from Git master, configured TCP and TLS, and an
HTTP event route.  I was able to connect to Kamailio over TLS using Google
Chrome (and saw the "SSL Error: The site's security certificate is not
trusted!" page).  After I clicked on "Proceed anyway" I saw the log
message I put in the HTTP event route come out.

I also logged in with Jitsi using TLS and that worked fine too.

I tried this with both the WebSocket module loaded and without it, and it
worked in both cases.

I also tried the above with TCP and that worked fine as well.

As far as I can tell TLS is working in Kamailio Git master.

Regards,

Peter


> On Wed, Jul 11, 2012 at 9:37 PM, Peter Dunkley
> <peter.dunkley at crocodile-rcs.com> wrote:
>>
>> Hi,
>>
>> WebSockets over TLS works which requires establishing a TLS connection
>> and
>> exchanging an HTTP request and response.  It doesn't sound like this
>> connection is even getting passed the TLS handshake part?
>>
>> Peter
>>
>
> Hi,
> That was my first guess. I will run some tests with plain tcp socket
> and post update.
>
> cheers.
>
>>
>> On Wed, 2012-07-11 at 17:14 +0200, Klaus Darilion wrote:
>>
>> Maybe there were some changes fore websocket support which cause
>> problems. Do plain TCP connections work?
>>
>> klaus
>>
>> On 11.07.2012 16:20, Aft nix wrote:
>> > On Wed, Jul 11, 2012 at 6:56 PM, Klaus Darilion
>> > <klaus.mailinglists at pernau.at> wrote:
>> >> I just tested TLS with Kamailio 3.3.0 and Eyebeam and it works. Make
>> >> sure to
>> >> specify "ca_list" if intermediate certificates are used.
>> >>
>> >
>> > I was working with master branch, not 3.3 branch.
>> >
>> >>
>> >> regards
>> >> Klaus
>> >>
>> >> On 09.07.2012 13:27, Aft nix wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> I have enabled tls parameters as follows:
>> >>>
>> >>> in kamailio.cfg
>> >>>
>> >>> listen = tls:<IP>:<PORT>
>> >>>
>> >>> in tls.cfg
>> >>>
>> >>> [server:<IP>:<PORT>]
>> >>> method = TLSv1
>> >>> verify_certificate = no
>> >>> require_certificate = no
>> >>> private_key = /usr/local/etc/kamailio/kamailio-selfsigned.key
>> >>> certificate = /usr/local/etc/kamailio/
>> kamailio-selfsigned.pem
>> >>>
>> >>> Now if i try to connect to this interface using openssl s_client, it
>> >>> does connects,
>> >>> but now server certificate is sent from kamailio.
>> >>>
>> >>> kamailio log shows this :
>> >>>
>> >>>     <core> [ip_addr.c:247]: tcpconn_new: new tcp connection: <CLIENT
>> >>> IP>
>> >>>     <core> [tcp_main.c:10

More information about the sr-users mailing list