[SR-Users] Websocket TLS Issue
Jade SZ
jitterbuffer at gmail.com
Thu Feb 2 18:39:36 CET 2017
Hi Guys,
I am trying to setup the following flow:
Browser >> WSS >> HA Proxy >>> WSS >> Kamailio
But getting TLS errors in Kamailio logs:
*[29634]: ERROR: <core> [tcp_read.c:1321]: tcp_read_req(): ERROR:
tcp_read_req: error reading - c: 0x7f68ebe872b0 r: 0x7f68ebe87330*
*[29631]: ERROR: tls [tls_util.h:42]: tls_err_ret(): TLS
accept:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number*
Browser <-----wss---->Kamailio works fine with same certs.
Both HA Proxy and Kamilio are installed on separate servers, hosting on
same port with different domain. Kamailio tls.conf has method = TLSv1
*@HA Proxy:*
openssl s_client -connect HA-PROXY-DOMAIN:*10443*
SSL-Session:
Protocol : TLSv1.2
*@Kamailio :*
openssl s_client -connect KAMAILIO-DOMAIN:*10443*
SSL-Session:
Protocol : TLSv1
So I made HA Proxy to be on TLSv1 "ssl-default-bind-options force-tlsv10"
But still I get the same TLS error in Kamailio.
*HA Proxy config looks like:*
*frontend public*
* bind *:10443 ssl crt /etc/haproxy/certs/cert.pem*
* acl is_websocket hdr_end(host) -i m1.some-domain.com
<http://m1.some-domain.com>*
* use_backend wss if is_websocket*
* default_backend wss*
*backend wss*
* timeout server 600s*
* server ws1 k1.some-domain.com:10443 <http://k1.some-domain.com:10443>*
* server ws1 k2.some-domain.com:10443 <http://k2.some-domain.com:10443>*
Need some direction, thanks in advance.
Regards,
Jade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20170202/152cb08a/attachment.html>
More information about the sr-users
mailing list