<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
<br><br>> Date: Mon, 13 Sep 2010 11:40:33 +0200<br>> From: klaus.mailinglists@pernau.at<br>> To: betergreen@live.com<br>> CC: sr-users@lists.sip-router.org<br>> Subject: Re: [SR-Users] help with tls error :sslv3 alert bad certificate<br>> <br>> <br>> <br>> Am 13.09.2010 11:10, schrieb peter_green lion:<br>> > enable_tls=1<br>> > tcp_async=no<br>> ><br>> > listen=tls:192.168.1.81:5060<br>> <br>> The default is for TLS is port 5061.<br>> <br>> ><br>> > modparam("tls", "tls_method", "TLSv1")<br>> > modparam("tls", "tls_method", "SSLv23")<br>> <br>> You can not use TLS and SSL - only on e or the other. SIP is <br>> standardized with TLSv1. Thus you should remove SSLv23 unless you <br>> explicitely know that the client can not handle TLSv1 (then the client <br>> would be buggy)<br>> <br>> > modparam("tls", "certificate", "ser1_cert.pem")<br>> > modparam("tls", "private_key", "privkey.pem")<br>> > modparam("tls", "ca_list", "cacert.pem")<br>> > modparam("tls", "verify_certificate", 1)<br>> <br>> <br>> > modparam("tls", "require_certificate", 1)<br>> <br>> Here is the problem: You have configured Kamailio to require a client <br>> certificate. Usually the SIP client does not have a TLS client <br>> certificate, thus Kamailio will terminate the TLS connection with <br>> handshake error. Set<br>> modparam("tls", "require_certificate", 0)<br>> and at least it should work with the "openssl s_client" tool.<br>> <br>> <br>> regards<br>> Klaus<br>> <br>> <br><br>hi Klaus and all,<br>i thing this is bug in openssl, becau i have just install kamailio with tls support in ubuntu server which OS have openssl version 0.9.8k,<br>and i have result as:<br><br>sip client can register with server via tls support(sometime it work and some time it cannot work, or it can register when i restart kamailio)<br><br>if it can register, i can make call but when callee answer, caller change to connect , but callee continue ringring.<br>if callee reject call, caller change to destination busy.<br><br>i can recognize what problem, please suggest ?<br>thanks and regards <br>Peter Green.<br>                                            </body>
</html>