<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <p>Hello,</p>

    <p>can you try with debug=3 in kamailio.cfg, there should be more

      logs that can provide hints on what happens.</p>

    <p>Also, what are your settings for tls module? Do you require a

      specific TLS version?</p>

    <p>Cheers,<br>

      Daniel<br>

    </p>

    <br>

    <div class="moz-cite-prefix">On 02/02/2017 18:39, Jade SZ wrote:<br>

    </div>

    <blockquote

cite="mid:CAP2a2YUCMmcdm7vdztW0qPME8iJOQ1r7EviNuxtcUFnmA0q7SQ@mail.gmail.com"

      type="cite">

      <div dir="ltr"><font face="verdana, sans-serif">Hi Guys,</font>

        <div><font face="verdana, sans-serif"><br>

          </font></div>

        <div><font face="verdana, sans-serif">

            <div>I am trying to setup the following flow:</div>

            <div><br>

            </div>

            <div>Browser >> WSS >> HA Proxy >>> WSS

              >> Kamailio</div>

            <div><br>

            </div>

            <div>But getting TLS errors in Kamailio logs:<br>

            </div>

            <div>

              <div><b>[29634]: ERROR: <core> [tcp_read.c:1321]:

                  tcp_read_req(): ERROR: tcp_read_req: error reading -

                  c: 0x7f68ebe872b0 r: 0x7f68ebe87330</b></div>

              <div><b>[29631]: ERROR: tls [tls_util.h:42]:

                  tls_err_ret(): TLS accept:error:1408F10B:SSL

                  routines:SSL3_GET_RECORD:wrong version number</b></div>

            </div>

            <div><br>

            </div>

            <div>Browser <-----wss---->Kamailio  works fine with

              same certs. <br>

            </div>

            <div><br>

            </div>

          </font><font face="verdana, sans-serif">

            <div>Both HA Proxy and Kamilio are installed on separate

              servers, hosting on same port with different domain.

              Kamailio tls.conf has method = TLSv1</div>

            <div><br>

            </div>

            <div><b>@HA Proxy:</b></div>

            <div><br>

            </div>

            <div>openssl s_client -connect HA-PROXY-DOMAIN:<i>10443</i><br>

            </div>

          </font><font face="verdana, sans-serif">

            <div><br>

            </div>

            <div>

              <div>SSL-Session:</div>

              <div>    Protocol  : TLSv1.2</div>

            </div>

            <div><br>

            </div>

            <div><b>@Kamailio :</b></div>

            <div>

              <div>openssl s_client -connect KAMAILIO-DOMAIN:<i>10443</i><br>

              </div>

              <div><br>

              </div>

              <div>SSL-Session:</div>

              <div>    Protocol  : TLSv1</div>

            </div>

            <div><br>

            </div>

            <div>So I made HA Proxy to be on TLSv1

              "ssl-default-bind-options force-tlsv10" But still I get

              the same TLS error in Kamailio. </div>

            <div><br>

            </div>

            <div><u>HA Proxy config looks like:</u></div>

          </font><font face="verdana, sans-serif">

            <div><br>

            </div>

            <div><i>frontend public</i></div>

            <div><i>  bind *:10443 ssl crt /etc/haproxy/certs/cert.pem</i></div>

            <div><i>  acl is_websocket hdr_end(host) -i <a

                  moz-do-not-send="true"

                  href="http://m1.some-domain.com">m1.some-domain.com</a></i></div>

            <div><i>  use_backend wss if is_websocket</i></div>

            <div><i>  default_backend wss</i></div>

            <div><i><br>

              </i></div>

            <div><i>backend wss</i></div>

            <div><i>  timeout server 600s</i></div>

            <div><i>  server ws1 <a moz-do-not-send="true"

                  href="http://k1.some-domain.com:10443">k1.some-domain.com:10443</a></i></div>

            <div><i>  server ws1 <a moz-do-not-send="true"

                  href="http://k2.some-domain.com:10443">k2.some-domain.com:10443</a></i></div>

          </font><font face="verdana, sans-serif">

            <div><br>

            </div>

            <div><br>

            </div>

            <div>Need some direction, thanks in advance.</div>

            <div><br>

            </div>

            <div><br>

            </div>

            <div>Regards,</div>

            <div>Jade</div>

          </font></div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>

<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>

Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>

Kamailio World Conference - May 8-10, 2017 - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>

  </body>

</html>