[OpenSER-Devel] TLS stuff (was Re: discussion: issues with local_route)
Klaus Darilion
klaus.mailinglists at pernau.at
Fri Jun 20 15:58:53 CEST 2008
Dan Pascu schrieb:
> On Friday 20 June 2008, Klaus Darilion wrote:
>> Dan Pascu schrieb:
>>> On Thursday 19 June 2008, Klaus Darilion wrote:
>>>> Hi Dan!
>>>>
>>>> Dan Pascu schrieb:
>>>> ...
>>>>
>>>>> operators do not work in all cases? What about the TLS
>>>>> implementation which is practically useless for end user devices,
>>>>> and even for proxy to proxy connections can render your proxy
>>>>> completely unresponsive under certain conditions?
>>>> Are you referring to blocking during TLS handshake (the same issue
>>>> as DNS lookups and TCP connects) or is there another problem in TLS
>>>> stack?
>>> Yes, that's what I meant. I've seen the proxy freeze after some
>>> client connections died and in one case the CPU usage skyrocketed
>>> after such an event, staying at 100% until restarted.
>> Hmm. Blocking for some time can happen (as with TCP), but an endless
>> freeze is a bug - there should be timeouts.
>
> I never said anything about an endless freeze. But a gap, no matter if it
> lasts 15 seconds or 20 minutes, in the proxy processing is not a good
> thing. Besides, this is not the point of this thread, it was just an
> example that others things don't work perfectly either.
Yes. Blocking is a know issue of openser, not only for TLS but also for
TCP and DNS. I just wanted to know if there is something special in the
TLS case, because I currently add the TLs server_name extension to
openser and wanted to know if there was an (to me) unknown bug in TLS code.
regards
Klaus
More information about the Devel
mailing list