[SR-Users] TLS Handshake failing with WSS

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 8 14:57:39 CEST 2014


Hello,

if you run the latest versions of web browsers, they have become more
restrictive on WSS connections. Be sure that the certificate is also
trusted by the web browser.

You can go with the web browser to https://ipofkamailio:portforwss and 
see if you get any warnings there.

Cheers,
Daniel

On 06/09/14 17:23, Manuel Camarg wrote:
> I'm trying to implement WSS with Kamailio
> Thing is that WS works fine, I've followed:
> http://nil.uniza.sk/sip/kamailio/configuring-kamailio-4x-websocket
>
> modparam("tls", "config", "webrtc/tls.cfg")
> In a tls.cfg file I have :
>
> [server:default]
> method = SSLv23
> verify_certificate = no
> require_certificate = no
> private_key = webrtc/private.key
> certificate = webrtc/ssl.pem
> ca_list = webrtc/ca_list.pem
>
> In the log file:
>
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:178]: 
> tls_complete_init(): Using TLS domain TLSs<default>
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:700]: 
> sr_ssl_ctx_info_callback(): SSL handshake started
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]: 
> tcpconn_do_send(): tcp_send: sending...
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]: 
> tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 
> n=5524 fd=11
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]: 
> tcpconn_do_send(): tcp_send: buf=#012#026#003#003
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:390]: 
> io_watch_add(): DBG: io_watch_add(0x8e0040, 11, 2, 0x7f7513516958), 
> fd_no=1
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]: 
> sr_ssl_ctx_info_callback(): SSL handshake done
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:715]: 
> sr_ssl_ctx_info_callback(): SSL disable renegotiation
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]: 
> tls_accept(): TLS accept successful
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]: 
> tls_accept(): tls_accept: new connection from 123.123.123.123:63300 
> using TLSv1/SSLv3 AES256-SHA 256
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:358]: 
> tls_accept(): tls_accept: local socket: 124.124.124.124:10443
> /usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]: 
> tls_accept(): tls_accept: client did not present a certificate
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2556]: 
> tcpconn_do_send(): tcp_send: sending...
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2590]: 
> tcpconn_do_send(): tcp_send: after real write: c= 0x7f7513516958 n=282 
> fd=11
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_main.c:2591]: 
> tcpconn_do_send(): tcp_send: buf=#012#026#003#003
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]: 
> tcp_read_data(): EOF on 0x7f7513516958, FD 11
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1293]: 
> tcp_read_req(): tcp_read_req: EOF
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [io_wait.h:617]: 
> io_watch_del(): DBG: io_watch_del (0x8e0040, 11, -1, 0x10) fd_no=2 called
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]: 
> release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
> /usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1438]: 
> release_tcpconn():  extra_data 0x7f7513510a88
> /usr/local/sbin/kamailio[4029]: DEBUG: <core> [tcp_main.c:3385]: 
> handle_tcp_child(): handle_tcp_child: reader response= 7f7513516958, 
> -1 from 1
> /usr/local/sbin/kamailio[4029]: DEBUG: tls [tls_server.c:597]: 
> tls_h_close(): Closing SSL connection 0x7f7513510a88
>
> In sipml5 the error:
>
> Disconnected: Failed to connect to the server
>
> In the Chrome console:
>
> __tsip_transport_ws_onerror
> __tsip_transport_ws_onclose
>
> SSL certificates seem to be ok:
> # openssl verify -CAfile ca_list.pem ssl.pem
> ssl.pem: OK
>
> Can't figure out a solution :( Any ideas?
>
> *Manuel Camargo*
> Teléfono: 638000836
> eMail: sir.louen at gmail.com

-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Next Kamailio Advanced Trainings 2014 - http://www.asipto.com
Sep 22-25, Berlin, Germany
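
A server-side check for the symptom in this thread, as an added example that is not part of the original messages or of Kamailio: the Python function below scans a debug log for TLS connections the peer closed right after "TLS accept successful", before any module other than tls or <core> logged anything, which is consistent with a browser that does not trust the certificate. Correlating events by PID and treating another module's log line as request handling are assumptions; the sample lines are the log quoted above with the e-mail wrapping undone.

```python
import re

# Constructed input: lines from the log quoted in this thread, unwrapped.
SAMPLE_LOG = """\
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_domain.c:712]: sr_ssl_ctx_info_callback(): SSL handshake done
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:348]: tls_accept(): TLS accept successful
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:355]: tls_accept(): tls_accept: new connection from 123.123.123.123:63300 using TLSv1/SSLv3 AES256-SHA 256
/usr/local/sbin/kamailio[4025]: DEBUG: tls [tls_server.c:369]: tls_accept(): tls_accept: client did not present a certificate
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:296]: tcp_read_data(): EOF on 0x7f7513516958, FD 11
/usr/local/sbin/kamailio[4025]: DEBUG: <core> [tcp_read.c:1437]: release_tcpconn(): releasing con 0x7f7513516958, state -1, fd=11, id=2
"""

# "<binary>[pid]: LEVEL: module [file:line]: func(): message"
LINE_RE = re.compile(
    r"kamailio\[(?P<pid>\d+)\]: \w+: (?P<module>\S+) \[[^\]]+\]: "
    r"(?P<func>\w+)\(\): (?P<msg>.*)$"
)
PEER_RE = re.compile(r"new connection from (\S+) using (.+)$")


def find_post_handshake_drops(log_text):
    """Return one dict per TLS connection that hit EOF after a successful
    tls_accept() with no log line from a module other than tls/<core>.

    Assumption: a TCP reader process logs one connection at a time, so
    events are correlated by PID.
    """
    pending = {}  # pid -> connection record still waiting for data or EOF
    drops = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # wrapped fragment or unrelated line
        pid, module, func, msg = m.group("pid", "module", "func", "msg")
        if func == "tls_accept" and msg == "TLS accept successful":
            pending[pid] = {"pid": int(pid), "peer": None,
                            "cipher": None, "app_seen": False}
        elif pid in pending:
            conn = pending[pid]
            peer = PEER_RE.search(msg)
            if peer:
                conn["peer"], conn["cipher"] = peer.groups()
            elif module not in ("tls", "<core>"):
                conn["app_seen"] = True  # assumed: a request reached a module
            elif func == "tcp_read_data" and msg.startswith("EOF on"):
                if not conn["app_seen"]:
                    drops.append(conn)
                del pending[pid]
    return drops
```

Log lines must be unwrapped (one event per line) before they are passed in; wrapped fragments do not match and are skipped.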
