<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <tt>Hi,<br>
      <br>
      First of all, carefully read the logs you get as they provide *a
      lot* of useful hints.<br>
      <br>
      The key log is "SSL3_GET_CLIENT_CERTIFICATE:no certificate
      returned" - that means the other party did not presented a SSL
      ceritificate, while your TLS setup for that domain do require one
      (see the require_certificate option).<br>
      <br>
      Regards, <br>
    </tt>
    <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  <a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a>
OpenSIPS Summit 2018
  <a class="moz-txt-link-freetext" href="http://www.opensips.org/events/Summit-2018Amsterdam">http://www.opensips.org/events/Summit-2018Amsterdam</a>
</pre>
    <div class="moz-cite-prefix">On 05/14/2018 11:45 PM, Govindaraj,
      Rajesh wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:BN6PR15MB1442E4B70A844496E95153A8E39C0@BN6PR15MB1442.namprd15.prod.outlook.com">
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <meta name="Generator" content="Microsoft Word 15 (filtered
        medium)">
      <!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
      <style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:"Calibri Light";
        panose-1:2 15 3 2 2 2 4 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.pl-en
        {mso-style-name:pl-en;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal"><span style="color:#1F497D">Hi folks,<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Please provide
            any pointers if you might have.<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D">Thanks,<o:p></o:p></span></p>
        <p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
        <div>
          <div style="border:none;border-top:solid #E1E1E1
            1.0pt;padding:3.0pt 0in 0in 0in">
            <p class="MsoNormal"><b>From:</b> Govindaraj, Rajesh <br>
              <b>Sent:</b> Friday, May 11, 2018 5:37 PM<br>
              <b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:users@lists.opensips.org">users@lists.opensips.org</a><br>
              <b>Subject:</b> Opensips error <o:p></o:p></p>
          </div>
        </div>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Hi,<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">In a production environment, the below
          error is seen. The TLS handshake is fine and messages are
          being exchanged as seen from pcap and when one of the TCP
          message is read,<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">2018-05-11T11:24:05.000-04:00 [local2]
          [err] ffd-alpha-zone1-ccm1.ipc.com
          /usr/sbin/opensipsInternal[10325]: ERROR:core:_tls_read: TLS
          connection to 10.204.34.62:52094 read failed<o:p></o:p></p>
        <p class="MsoNormal">2018-05-11T11:24:05.000-04:00 [local2]
          [err] ffd-alpha-zone1-ccm1.ipc.com
          /usr/sbin/opensipsInternal[10325]: ERROR:core:_tls_read: TLS
          read error: 1<o:p></o:p></p>
        <p class="MsoNormal">2018-05-11T11:24:05.000-04:00 [local2]
          [err] ffd-alpha-zone1-ccm1.ipc.com
          /usr/sbin/opensipsInternal[10325]:
          ERROR:core:tls_print_errstack: TLS errstack:
          error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
          certificate returned<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">This error is seen. TLS read error: 1
          indicates <span class="pl-en">
            <span
style="font-size:9.0pt;font-family:Consolas;color:#6F42C1;background:white">SSL_ERROR_SSL</span></span><span
style="font-size:9.0pt;font-family:Consolas;color:#24292E;background:white">.
          </span>Checking the pcap for success and failure case, they
          are no abnormalities. It fails for only one user randomly.
          Today in our test it failed twice with the same error when
          reading a TLS packet. TLS session establishment is fine. Any
          pointers would really help.<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Thanks,<span
style="font-size:9.0pt;font-family:Consolas;color:#24292E;background:white"> 
                       </span><o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal"
          style="margin-bottom:3.0pt;page-break-after:avoid"><b><span
              style="font-size:12.0pt;font-family:"Calibri
              Light",sans-serif;color:black" lang="EN-GB">Rajeshkumar
              Govindaraj<o:p></o:p></span></b></p>
        <p class="MsoNormal"
          style="margin-bottom:6.0pt;page-break-after:avoid"><span
            style="font-size:12.0pt;color:black" lang="EN-GB">Software
            Engineer<br>
          </span><span style="font-size:10.0pt;color:black">777 Commerce
            Drive,<br>
            Fairfield, CT-06825<br>
          </span><b><span style="font-size:10.0pt;color:black" lang="FR">T</span></b><span
            style="font-size:10.0pt;color:black" lang="FR"> +1 201 253
            7803  
          </span><span
            style="font-size:10.0pt;font-family:Symbol;color:#5B9BD5">|</span><span
            style="font-size:10.0pt;color:black" lang="FR">  
            <b>M</b> +1 475 439 9918  </span><span
            style="font-size:10.0pt;font-family:Symbol;color:#5B9BD5">|</span><span
            style="font-size:10.0pt;color:black" lang="FR">  
            <b>E</b> <a href="mailto:Rajesh.Govindaraj@ipc.com"
              moz-do-not-send="true">Rajesh.Govindaraj@ipc.com</a></span><span
            style="font-size:12.0pt;color:black" lang="EN-GB"><o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;mso-fareast-language:FR">Follow us
            on twitter:
          </span><span style="font-size:10.0pt">@<span
              style="text-transform:uppercase">ipc</span>_Systems_Inc   
          </span><a href="http://www.ipc.com/" moz-do-not-send="true"><span
              style="font-size:10.0pt">www.ipc.com</span></a><span
            style="font-size:10.0pt;color:#44546A"><o:p></o:p></span></p>
        <p class="MsoNormal"><span
            style="font-size:10.0pt;color:#44546A"><o:p> </o:p></span></p>
        <p class="MsoNormal"><img id="Picture_x0020_2"
            src="cid:part3.CD0BE01F.4A9B97BB@opensips.org"
            alt="cid:image006.jpg@01D1940F.3E021840" class=""
            height="79" border="0" width="191"><o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
      </div>
      <br>
      <br>
      <br>
      DISCLAIMER:
      This e-mail may contain information that is confidential,
      privileged or otherwise protected from disclosure. If you are not
      an intended recipient of this e-mail, do not duplicate or
      redistribute it by any means. Please delete it and any attachments
      and notify the sender that you have received it in error.
      Unintended recipients are prohibited from taking action on the
      basis of information in this e-mail. E-mail messages may contain
      computer viruses or other defects, may not be accurately
      replicated on other systems, or may be intercepted, deleted or
      interfered with without the knowledge of the sender or the
      intended recipient. If you are not comfortable with the risks
      associated with e-mail messages, you may decide not to use e-mail
      to communicate with IPC. IPC reserves the right, to the extent and
      under circumstances permitted by applicable law, to retain,
      monitor and intercept e-mail messages to and from its systems.
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>