[Kamailio-Users] Problem with secure TLS call

Hemanshu Patel hemanshu.patel at saicare.com
Mon Mar 22 09:50:42 CET 2010


It seems problem with Configuration
Please check my config file's TLS section "disable_tls = no" and
tls_method=TLSV1

/* uncomment the following lines to enable TLS support  (default off) */
disable_tls = no
listen = tls:172.16.16.218:5091
tls_verify_server = 1
tls_verify_client = 0
tls_require_client_certificate = 0
tls_method = TLSv1
tls_certificate =
"/data/hemanshu/install/panreg-tls/etc/kamailio/tls/user/user-cert.pem"
tls_private_key =
"/data/hemanshu/install/panreg-tls/etc/kamailio/tls/user/user-privkey.pem"
tls_ca_list     =
"/data/hemanshu/install/panreg-tls/etc/kamailio/tls/user/user-calist.pem"

Are you sure phonerlite is using old sslv3 and not TLSV1?





-- 
Regards,

Hemanshu Patel

M: 09601295238

> Hi,
>
> I am using
>
> kamailio 3.0.1 (x86_64/linux) 0822a9
> flags: STATS: Off, USE_IPV6, USE_TCP, USE_TLS, TLS_HOOKS, DISABLE_NAGLE,
> USE_MCAST, DNS_IP_HACK, SHM_MEM, SHM_MMAP, PKG_MALLOC, F_MALLOC,
> USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER,
> USE_NAPTR, USE_DST_BLACKLIST, HAVE_RESOLV_RES
> ADAPTIVE_WAIT_LOOPS=1024, MAX_RECV_BUFFER_SIZE 262144, MAX_LISTEN 16,
> MAX_URI_SIZE 1024, BUF_SIZE 65535
> poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
>
> and I am using the client "PhonerLite" (http://www.phonerlite.de).
>
> The phone is registered on my server with TLS.
>
> If I call someone or myself I get an error message. What is wrong with my
> server? (TLS calls with PhonerLite with the provider antisip.com are
> possible without problems!)
>
> With UDP calling myself I get "486:Busy Here" on the phone, this is OK and
> normal.
> With TLS I get "477:Unfortunately error on sending to next hop
> occurred(477/SL)" on the phone and some ERROR messages like the following
> on the kamailio.log (you can see the rest of the log in the attached zip):
>
> Mar 21 20:24:00 vs208140 /usr/local/sbin/kamailio[20013]: DEBUG: <core>
> [msg_translator.c:200]: check_via_address(95.90.205.74, 95.90.205.74, 0)
> Mar 21 20:24:00 vs208140 /usr/local/sbin/kamailio[20013]: DEBUG: <core>
> [tcp_main.c:1786]: tcp_send: no open tcp connection found, opening new one
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:618]: connect 95.90.205.74:5061 failed (timeout)
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:621]: ERROR: tcp_blocking_connect 95.90.205.74:5061: timeout
> 10 s elapsed from 10 s
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:1168]: ERROR: tcp_do_connect: tcp_blocking_connect
> 95.90.205.74:5061 failed
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:1237]: ERROR: tcp_do_connect 95.90.205.74:5061: failed (115)
> Operation now in progress
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: <core>
> [tcp_main.c:1955]: ERROR: tcp_send 95.90.205.74:5061: connect failed
> Mar 21 20:24:10 vs208140 /usr/local/sbin/kamailio[20013]: ERROR: tm
> [../../forward.h:191]: msg_send: ERROR: tcp_send failed
>
> The kamailio.cfg file is also in the zip attached.
> The PC is connected with the router (I opened the TCP ports 5060-5062)
> that is connected to the Internet. The problem also happens if I disable
> the firewall of the server and of the PC.
>
> Can someone give me help?
>
> Thanks in advance!
>
> Regards
>
> Detlef Pilzecker_______________________________________________
> Kamailio (OpenSER) - Users mailing list
> Users at lists.kamailio.org
> http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
> http://lists.openser-project.org/cgi-bin/mailman/listinfo/users






More information about the Users mailing list