[OpenSIPS-Users] multi domain TLS in opensips 3.1

Răzvan Crainea razvan at opensips.org
Mon Jul 6 07:29:27 EST 2020 

In OpenSIPS 3.1, the tls_handshake_timeout is no longer specified in the 
tls_module, but in each module that uses tls[1].
Therefore, most likely, you are looking at this parameter[2].

[1] https://www.opensips.org/Documentation/Migration-3-0-0-to-3-1-0#toc15
[2] 
https://opensips.org/docs/modules/3.1.x/proto_tls.html#param_tls_handshake_timeout

Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 7/4/20 11:37 PM, xaled at web.de wrote:
> Hi,
> 
> I'm trying to get multi domain TLS with MS Teams going and kind of stuck at the beginning.
> According to MS Teams interconnect tutorial tls_handshake_timeout shall be set to 300. Setting this parameter independent from TLS domain gives an error that parameter is not found.
> 
> #modparam("tls_mgm", "tls_handshake_timeout", "300")
> 
> # generic TLS server domain, if the client does not provide SNI
> modparam("tls_mgm", "server_domain", "test")
> modparam("tls_mgm", "match_ip_address", "[test]*")
> modparam("tls_mgm", "match_sip_domain", "[test]none")
> modparam("tls_mgm", "certificate", "[test]/etc/ssl/private/test.crt")
> modparam("tls_mgm", "private_key", "[test]/etc/ssl/private/test.key")
> modparam("tls_mgm", "ca_list", "[test]/etc/ssl/private/test-ca.pem")
> modparam("tls_mgm", "tls_method", "[test]TLSv1-")
> modparam("tls_mgm", "verify_cert", "[test]0")
> modparam("tls_mgm", "require_cert", "[test]0")
> 
> 
> # MS Teams TLS config
> modparam("tls_mgm", "server_domain", "test_dom")
> modparam("tls_mgm", "match_ip_address", "[test_dom]*")
> modparam("tls_mgm", "match_sip_domain", "[test_dom]sip4teams.test.com")
> #modparam("tls_mgm", "tls_handshake_timeout", [test_dom]300)
> modparam("tls_mgm", "certificate", "[test_dom]/etc/ssl/private/test.crt")
> modparam("tls_mgm", "private_key", "[test_dom]/etc/ssl/private/test.key")
> modparam("tls_mgm", "ca_list", "[test_dom]/etc/ssl/private/test-ca.pem")
> modparam("tls_mgm", "tls_method", "[test_dom]TLSv1_2")
> modparam("tls_mgm", "verify_cert", "[test_dom]1")
> modparam("tls_mgm", "require_cert", "[test_dom]1")
> 
> Jul  4 22:17:34 sip4teams opensips: INFO:tls_mgm:mod_load: openssl version: OpenSSL 1.1.1d  10 Sep 2019
> Jul  4 22:17:34 sip4teams opensips: ERROR:core:set_mod_param_regex: parameter <tls_handshake_timeout> not found in module <tls_mgm>
> Jul  4 22:17:34 sip4teams opensips: Traceback (last included file at the bottom):
> Jul  4 22:17:34 sip4teams opensips:  0. /etc/opensips/opensips.cfg
> Jul  4 22:17:34 sip4teams opensips: CRITICAL:core:yyerror: parse error in /etc/opensips/opensips.cfg:61:21-22: Parameter <tls_handsha
> ke_timeout> not found in module <tls_mgm> - can't set
> Jul  4 22:17:34 sip4teams opensips: #set global tls parameters
> Jul  4 22:17:34 sip4teams opensips:
> Jul  4 22:17:34 sip4teams opensips: modparam("tls_mgm", "tls_handshake_timeout", 300)
> Jul  4 22:17:34 sip4teams opensips: ^~
> Jul  4 22:17:34 sip4teams opensips:
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

More information about the Users mailing list