Symptom
Hung SIP TLS connections on the SIP GW/CUBE prevent the SIP trunk from coming into Full Service state.
Conditions
All of the following conditions must be met:
1. A TLS connection between the CUBE/SIP GW and CUCM (with multiple nodes).
2. Parallel TLS handshake requests from the CUCM/remote agent side.
Workaround
Clear all the SIP TLS connections on the CUBE/SIP GW using the following command:
clear sip-ua tcp tls connection id
Details of each connection can be found using the "show sip-ua connection tcp tls detail" command.
Further Problem Description
Collect the following debugs to check the status of the TLS connection:
debug ccsip verbose
debug ip tcp transaction
debug crypto pki api
debug crypto pki messages
debug crypto pki callbacks
debug crypto pki scep
debug crypto pki server
debug crypto pki transaction
debug crypto pki validation
debug ssl openssl error
debug ssl openssl ext
debug ssl openssl msg
debug ssl openssl states