[SR-Users] TLS Handshake failing with WSS

Waite, Hugh hugh.waite at acision.com
Thu Sep 11 11:20:46 CEST 2014 

Hi Manuel,

If there is a websocket handshake error / incorrect port etc, then you will send an HTTP error and close the connection (otherwise non-websocket connections could use up resources).

If the handshake is successful, then the connection is upgraded and no HTTP final response is ever sent, hence the connection is not closed. Our implementation is working fine with this line in there.



The log excerpt you gave on Monday shows two connections. The second was for a normal browser GET, not a websocket, so it finds the end-of-header marker instead of the Upgrade header and closes the connection.

The first connection doesn't look like it even gets as far as the event route before it is disconnected. I suspect a TLS handshake failure.

Can you look at a network trace of the connection? Wireshark will show if there is a certificate failure and which side sent it.





Regards,

Hugh





-----Original Message-----
From: sr-users-bounces at lists.sip-router.org [mailto:sr-users-bounces at lists.sip-router.org] On Behalf Of Daniel-Constantin Mierla
Sent: 10 September 2014 18:00
To: Juha Heinanen; Kamailio (SER) - Users Mailing List
Cc: Manuel Camarg
Subject: Re: [SR-Users] TLS Handshake failing with WSS





On 10/09/14 18:43, Juha Heinanen wrote:

> Daniel-Constantin Mierla writes:

>

>> The set_reply_close() should be removed from there.

> why is that? my wss clients

are they ws (over tcp) or wss (over tls)?



>   work fine even when i have:

>

> event_route[xhttp:request] {  # Handle HTTP requests

>

>             set_reply_close();

>             set_reply_no_connect();

>

> this was included in the original instructions when wss transport was

> introduced to kamailio.

I guess the example was built on top of the one for xhttp module which closes the connection after sending the http reply.



On the other hand, I remember that I tested with default example some time ago and worked. However, more recent versions of browsers don't work with that anymore. What browser (or wss client) are you using?



Cheers,

Daniel



--

Daniel-Constantin Mierla

http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

Next Kamailio Advanced Trainings 2014 - http://www.asipto.com Sep 22-25, Berlin, Germany





_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

sr-users at lists.sip-router.org<mailto:sr-users at lists.sip-router.org>

http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

________________________________
This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you for understanding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140911/8cb0251e/attachment.html>

More information about the sr-users mailing list