<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello,</p>
<p>can you try with debug=3 in kamailio.cfg, there should be more
logs that can provide hints on what happens.</p>
<p>Also, what are your settings for tls module? Do you require a
specific TLS version?</p>
<p>Cheers,<br>
Daniel<br>
</p>
<br>
<div class="moz-cite-prefix">On 02/02/2017 18:39, Jade SZ wrote:<br>
</div>
<blockquote
cite="mid:CAP2a2YUCMmcdm7vdztW0qPME8iJOQ1r7EviNuxtcUFnmA0q7SQ@mail.gmail.com"
type="cite">
<div dir="ltr"><font face="verdana, sans-serif">Hi Guys,</font>
<div><font face="verdana, sans-serif"><br>
</font></div>
<div><font face="verdana, sans-serif">
<div>I am trying to setup the following flow:</div>
<div><br>
</div>
<div>Browser >> WSS >> HA Proxy >>> WSS
>> Kamailio</div>
<div><br>
</div>
<div>But getting TLS errors in Kamailio logs:<br>
</div>
<div>
<div><b>[29634]: ERROR: <core> [tcp_read.c:1321]:
tcp_read_req(): ERROR: tcp_read_req: error reading -
c: 0x7f68ebe872b0 r: 0x7f68ebe87330</b></div>
<div><b>[29631]: ERROR: tls [tls_util.h:42]:
tls_err_ret(): TLS accept:error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number</b></div>
</div>
<div><br>
</div>
<div>Browser <-----wss---->Kamailio works fine with
same certs. <br>
</div>
<div><br>
</div>
</font><font face="verdana, sans-serif">
<div>Both HA Proxy and Kamilio are installed on separate
servers, hosting on same port with different domain.
Kamailio tls.conf has method = TLSv1</div>
<div><br>
</div>
<div><b>@HA Proxy:</b></div>
<div><br>
</div>
<div>openssl s_client -connect HA-PROXY-DOMAIN:<i>10443</i><br>
</div>
</font><font face="verdana, sans-serif">
<div><br>
</div>
<div>
<div>SSL-Session:</div>
<div> Protocol : TLSv1.2</div>
</div>
<div><br>
</div>
<div><b>@Kamailio :</b></div>
<div>
<div>openssl s_client -connect KAMAILIO-DOMAIN:<i>10443</i><br>
</div>
<div><br>
</div>
<div>SSL-Session:</div>
<div> Protocol : TLSv1</div>
</div>
<div><br>
</div>
<div>So I made HA Proxy to be on TLSv1
"ssl-default-bind-options force-tlsv10" But still I get
the same TLS error in Kamailio. </div>
<div><br>
</div>
<div><u>HA Proxy config looks like:</u></div>
</font><font face="verdana, sans-serif">
<div><br>
</div>
<div><i>frontend public</i></div>
<div><i> bind *:10443 ssl crt /etc/haproxy/certs/cert.pem</i></div>
<div><i> acl is_websocket hdr_end(host) -i <a
moz-do-not-send="true"
href="http://m1.some-domain.com">m1.some-domain.com</a></i></div>
<div><i> use_backend wss if is_websocket</i></div>
<div><i> default_backend wss</i></div>
<div><i><br>
</i></div>
<div><i>backend wss</i></div>
<div><i> timeout server 600s</i></div>
<div><i> server ws1 <a moz-do-not-send="true"
href="http://k1.some-domain.com:10443">k1.some-domain.com:10443</a></i></div>
<div><i> server ws1 <a moz-do-not-send="true"
href="http://k2.some-domain.com:10443">k2.some-domain.com:10443</a></i></div>
</font><font face="verdana, sans-serif">
<div><br>
</div>
<div><br>
</div>
<div>Need some direction, thanks in advance.</div>
<div><br>
</div>
<div><br>
</div>
<div>Regards,</div>
<div>Jade</div>
</font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Mar 6-8 (Europe) and Mar 20-22 (USA) - <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
Kamailio World Conference - May 8-10, 2017 - <a class="moz-txt-link-abbreviated" href="http://www.kamailioworld.com">www.kamailioworld.com</a></pre>
</body>
</html>