[OpenSIPS-Users] I need some help in websocket connection error .

Sasmita Panda spanda at 3clogic.com
Fri Jun 28 05:09:53 EDT 2019


I am sure the client supports TLSv1.2 version. That was confirmed.

I am not sure about the ciphers. I have to ask them.

modparam("tls_mgm", "ciphers_list", "AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,CAMELLIA128-SHA,RC4-SHA")

Is this the list of whitelisted ciphers?

*Thanks & Regards*
*Sasmita Panda*
*Senior Network Testing and Software Engineer*
*3CLogic , ph:07827611765*


On Fri, Jun 28, 2019 at 1:33 PM Răzvan Crainea <razvan at opensips.org> wrote:

> Hi, Sasmita!
>
> I see that you require TLSv1.2 authentication method - are you sure your
> clients do support this version? A similar problem can be with the
> ciphers, are you sure your clients support the whitelisted ciphers? As
> you do not enforce anything, this might be true, but this is something
> you should double-check. Besides that, I don't have any other ideas.
>
> Best regards,
> Răzvan
>
> On 6/27/19 9:02 AM, Sasmita Panda wrote:
> > Hi,
> >
> > SSL misconfiguration in client side or in opensips side. I think I
> > have done the configuration right.
> >
> > listen=wss:192.168.143.20:443
> > loadmodule "tls_mgm.so"
> > modparam("tls_mgm", "tls_method", "tlsv1_2")
> > modparam("tls_mgm", "verify_cert", "0")
> > modparam("tls_mgm", "require_cert", "0")
> > modparam("tls_mgm", "certificate", "/usr/local/etc/opensips/tls/3ccloudwebrtc2019.crt")
> > modparam("tls_mgm", "private_key", "/usr/local/etc/opensips/tls/3ccloud.key")
> > modparam("tls_mgm", "ca_list", "/usr/local/etc/opensips/tls/rootCA/cacert.pem")
> > loadmodule "proto_wss.so"
> > modparam("proto_wss", "wss_port", 443)
> >
> > This is for wss. Is there anything I am missing in the configuration?
> >
> >
> > */Thanks & Regards/*
> > /Sasmita Panda/
> > /Senior Network Testing and Software Engineer/
> > /3CLogic , ph:07827611765/
> >
> >
> > On Wed, Jun 26, 2019 at 8:10 PM Răzvan Crainea <razvan at opensips.org> wrote:
> >
> >     TBH, all I can see in the logs you sent is that a connection was
> >     terminated (without even being started), and a connection that was
> >     started, but closed by the client. So in order to understand what's
> >     happening, you need to understand why the client is closing the
> >     connection. Check logs, documentation, anything, but this doesn't seem
> >     to be related to OpenSIPS, it looks like some SSL misconfiguration.
> >
> >     Best regards,
> >     Răzvan
> >
> >     On 6/26/19 4:24 PM, Sasmita Panda wrote:
> >      > Is there any update on this issue? How can I solve this error message
> >      > from my opensips logs?
> >      >
> >      >
> >      > */Thanks & Regards/*
> >      > /Sasmita Panda/
> >      > /Senior Network Testing and Software Engineer/
> >      > /3CLogic , ph:07827611765/
> >      >
> >      >
> >      > On Tue, Jun 25, 2019 at 3:48 PM Sasmita Panda <spanda at 3clogic.com> wrote:
> >      >
> >      >     I have tried to take ssldump on the webrtc server at run time.
> >      >
> >      >     New TCP connection #19: 192.168.1.y(48530) <-> 192.168.0.x(443)
> >      >     19    0.0011 (0.0011)  C>S  TCP FIN
> >      >     19    0.0013 (0.0001)  S>C  TCP FIN
> >      >
> >      >     New TCP connection #20: 192.168.0.y(52975) <-> 192.168.0.x(443)
> >      >     20 1  0.0006 (0.0006)  C>S  Handshake      ClientHello
> >      >     20 2  0.0008 (0.0002)  S>C  Handshake      ServerHello
> >      >     20 3  0.0008 (0.0000)  S>C  Handshake      Certificate
> >      >     20 4  0.0008 (0.0000)  S>C  Handshake      ServerHelloDone
> >      >     20 5  0.0020 (0.0011)  C>S  Handshake      ClientKeyExchange
> >      >     20 6  0.0020 (0.0000)  C>S  ChangeCipherSpec
> >      >     20 7  0.0020 (0.0000)  C>S  Handshake
> >      >     20 8  0.0036 (0.0015)  S>C  Handshake
> >      >     20 9  0.0036 (0.0000)  S>C  ChangeCipherSpec
> >      >     20 10 0.0036 (0.0000)  S>C  Handshake
> >      >     20 11 0.0042 (0.0006)  C>S  Alert
> >      >     20    0.0042 (0.0000)  C>S  TCP FIN
> >      >     20    0.0043 (0.0000)  S>C  TCP FIN
> >      >
> >      >     Whenever the portion I marked in red appears, there is an error in
> >      >     the opensips logs. For the portion below, the connection was accepted.
> >      >
> >      >     I am not even getting any error on my browser side. How will I
> >      >     debug this? Please help.
> >      >
> >      >     */Thanks & Regards/*
> >      >     /Sasmita Panda/
> >      >     /Senior Network Testing and Software Engineer/
> >      >     /3CLogic , ph:07827611765/
> >      >
> >      >
> >      >     On Fri, Jun 14, 2019 at 2:51 PM Callum Guy <callum.guy at x-on.co.uk> wrote:
> >      >
> >      >         You might find that a tcpdump is the only way to get to grips
> >      >         with the underlying issue.
> >      >
> >      >         Having said that I wonder if there is any chance that the
> >      >         connection isn't accepting simply due to a cipher
> >      >         incompatibility. Are you setting a cipher list that you know
> >      >         your clients accept? Maybe try:
> >      >
> >      >         modparam("tls_mgm", "ciphers_list", "AES256-GCM-SHA384,AES256-SHA256,AES256-SHA,CAMELLIA256-SHA,AES128-SHA,CAMELLIA128-SHA,RC4-SHA")
> >      >
> >      >
> >      >         On Fri, 14 Jun 2019 at 09:17, Sasmita Panda <spanda at 3clogic.com> wrote:
> >      >
> >      >             I had a dedicated server for 1 client. When that client
> >      >             faced the issue I started looking into the logs, and this
> >      >             is the error I got.
> >      >
> >      >             But later on, when I looked at other servers which are used
> >      >             by different clients, the same error is coming in those logs
> >      >             every day.
> >      >
> >      >             As a conclusion, it's happening with everybody.
> >      >
> >      >             Below is the configuration.
> >      >
> >      >             modparam("tls_mgm", "tls_method", "tlsv1_2")
> >      >             modparam("tls_mgm", "verify_cert", "0")
> >      >             modparam("tls_mgm", "require_cert", "0")
> >      >             modparam("tls_mgm", "certificate", "/usr/etc/opensips/tls/3ccloudwebrtc2019.crt")
> >      >             modparam("tls_mgm", "private_key", "/usr/etc/opensips/tls/3ccloud.key")
> >      >             modparam("tls_mgm", "ca_list", "/usr/etc/opensips/tls/rootCA/cacert.pem")
> >      >
> >      >
> >      >
> >      >             */Thanks & Regards/*
> >      >             /Sasmita Panda/
> >      >             /Senior Network Testing and Software Engineer/
> >      >             /3CLogic , ph:07827611765/
> >      >
> >      >
> >      >             On Thu, Jun 13, 2019 at 6:50 PM Răzvan Crainea <razvan at opensips.org> wrote:
> >      >
> >      >                 Can you trace the SSL traffic between the two endpoints?
> >      >                 Perhaps the SSL header gives you a reason for not accepting
> >      >                 the connection.
> >      >                 Is this happening only for certain clients, or for everyone?
> >      >                 Are you requiring any certificate validation?
> >      >
> >      >                 Best regards,
> >      >                 Răzvan
> >      >
> >      >                 On 6/12/19 3:34 PM, Sasmita Panda wrote:
> >      >                  > I am using opensips 2.2
> >      >                  >   version: opensips 2.2.4 (x86_64/linux)
> >      >                  >
> >      >                  > I am using the proto_wss and tls_mgm modules for establishing
> >      >                  > a websocket connection.
> >      >                  >
> >      >                  > I am getting the below error again and again. What's the reason
> >      >                  > behind this and how can I solve this problem?
> >      >                  >
> >      >                  >
> >      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]: INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
> >      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1548]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 96
> >      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:tls_accept: New TLS connection from 192.168.160.6:58616 failed to accept
> >      >                  > Jun 10 00:00:15 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:wss_read_req: cannot fix read connection
> >      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]: INFO:core:probe_max_sock_buff: using snd buffer of 416 kb
> >      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1548]: INFO:core:init_sock_keepalive: TCP keepalive enabled on socket 96
> >      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:tls_accept: New TLS connection from 192.168.175.59:12918 failed to accept
> >      >                  > Jun 10 00:00:17 localhost /usr/sbin/opensips[1546]: ERROR:proto_wss:wss_read_req: cannot fix read connection
> >      >                  >
> >      >                  >
> >      >                  > Please do help.
> >      >                  >
> >      >                  >
> >      >                  >
> >      >                  > */Thanks & Regards/*
> >      >                  > /Sasmita Panda/
> >      >                  > /Senior Network Testing and Software Engineer/
> >      >                  > /3CLogic , ph:07827611765/
> >      >                  >
> >      >                  > _______________________________________________
> >      >                  > Users mailing list
> >      >                  > Users at lists.opensips.org
> >      >                  > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >      >                  >
> >      >
> >      >                 --
> >      >                 Răzvan Crainea
> >      >                 OpenSIPS Core Developer
> >      > http://www.opensips-solutions.com
> >      >
> >      >
> >
> >     --
> >     Răzvan Crainea
> >     OpenSIPS Core Developer
> >     http://www.opensips-solutions.com
> >
> >
>
> --
> Răzvan Crainea
> OpenSIPS Core Developer
>    http://www.opensips-solutions.com
>
>
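
Added example (not part of the thread or of OpenSIPS): a Python reader for ssldump's text output that reports, per connection, how far the TLS handshake got and which side sent an alert; when no cipher suite is shared, a TLS 1.2 server answers the ClientHello with an alert instead of a ServerHello, so that stage is what separates a cipher mismatch from a later failure. The sample trace is constructed from the one quoted above, and `parse`, `diagnose` and `report` are names chosen for this example.

```python
import re
# Constructed sample in ssldump text format, modelled on the trace quoted in the thread.
SAMPLE = """\
New TCP connection #19: 192.168.1.y(48530) <-> 192.168.0.x(443)
19    0.0011 (0.0011)  C>S  TCP FIN
19    0.0013 (0.0001)  S>C  TCP FIN
New TCP connection #20: 192.168.0.y(52975) <-> 192.168.0.x(443)
20 1  0.0006 (0.0006)  C>S  Handshake      ClientHello
20 2  0.0008 (0.0002)  S>C  Handshake      ServerHello
20 3  0.0008 (0.0000)  S>C  Handshake      Certificate
20 4  0.0008 (0.0000)  S>C  Handshake      ServerHelloDone
20 5  0.0020 (0.0011)  C>S  Handshake      ClientKeyExchange
20 6  0.0020 (0.0000)  C>S  ChangeCipherSpec
20 7  0.0020 (0.0000)  C>S  Handshake
20 8  0.0036 (0.0015)  S>C  Handshake
20 9  0.0036 (0.0000)  S>C  ChangeCipherSpec
20 10 0.0036 (0.0000)  S>C  Handshake
20 11 0.0042 (0.0006)  C>S  Alert
20    0.0042 (0.0000)  C>S  TCP FIN
20    0.0043 (0.0000)  S>C  TCP FIN
"""
# Fields: connection id, optional record number, timestamps, direction, message.
REC = re.compile(r"^(\d+)\s+(?:\d+\s+)?[\d.]+\s+\([\d.]+\)\s+(C>S|S>C)\s+(.+)$")

def parse(text):
    """Return {connection id: [(direction, message), ...]} in capture order."""
    conns = {}
    for line in text.splitlines():
        m = REC.match(line.strip())
        if m:
            conns.setdefault(int(m[1]), []).append((m[2], " ".join(m[3].split())))
    return conns

def diagnose(events):
    """Report how far the TLS handshake got and which side sent an alert."""
    msgs = [msg for _, msg in events]
    if "Handshake ClientHello" not in msgs:
        return "closed before any TLS record"
    if "Handshake ServerHello" not in msgs:
        return "no ServerHello: server rejected or ignored the ClientHello"
    # Heuristic: TLS 1.2 ephemeral suites always carry a ServerKeyExchange.
    kx = "ephemeral" if "Handshake ServerKeyExchange" in msgs else "non-ephemeral"
    ccs = {d for d, msg in events if msg == "ChangeCipherSpec"}
    stage = "both sides sent ChangeCipherSpec" if len(ccs) == 2 else "aborted after ServerHello"
    alert = next((d for d, msg in events if msg.startswith("Alert")), None)
    return f"{stage}, {kx} key exchange" + (f", alert {alert}" if alert else "")

def report(text=SAMPLE):
    return {cid: diagnose(events) for cid, events in parse(text).items()}
```

Calling `report()` on a saved capture gives one verdict per connection; the alert's type is not visible here because the record is encrypted once ChangeCipherSpec has been sent.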