<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <p>Hello,</p>

    <p>ok.</p>

    <p>If you run the patched version, update to use the latest version

      in 5.2 branch and set the rand_engine to cryptorand for better

      randomness to ensure strong level of security for tls.</p>

    <p>Cheers,<br>

      Daniel<br>

    </p>

    <div class="moz-cite-prefix">On 09.10.19 13:50, Marco Capetta wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:5278bd8f-f6c5-f292-ed8d-391ae39518ab@sipwise.com">

      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

      <tt>Hi Daniel,<br>

        <br>

        unfortunately I cannot do test at the moment on the platform

        where I had the issue.<br>

        If I'll be able to replicate the issue on another system, I'll

        test it for sure.<br>

        <br>

        Thanks<br>

        <br>

        Cheers,<br>

        Marco<br>

        <br>

      </tt><br>

      <div class="moz-cite-prefix">On 10/8/19 4:42 PM, Daniel-Constantin

        Mierla wrote:<br>

      </div>

      <blockquote type="cite"

        cite="mid:322d1692-652a-6cee-d51d-00156c9b2c30@gmail.com">

        <pre class="moz-quote-pre" wrap="">Hello Marco,

I am writing to see if you can test the kxlibssl prng that I just added

for tls module. I want to see if exposes the same issue you reported in:

  * <a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/issues/2077" moz-do-not-send="true">https://github.com/kamailio/kamailio/issues/2077</a>

If you can't test with master branch, you need to backport two commits:

  *

<a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0db0e76b0c" moz-do-not-send="true">https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0db0e76b0c</a>

  *

<a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7170e08ec" moz-do-not-send="true">https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7170e08ec</a>

Then set:

modparam("tls", "rand_engine", "kxlibssl")

The latest branch 5.2 has the code for setting custom prng backported.

The idea behind kxlibssl prng is to reuse the function of the default

libssl v1.1.x prng, but guarded by a kamailio specific mutex.

Cheers,

Daniel

</pre>

      </blockquote>

      <br>

      <div class="moz-signature">-- <br>

        <div style="line-height:16px; margin:6px 0; padding:8px 8px 8px

          8px; border-top:1px #aeb1a6 dotted; border-bottom:1px #aeb1a6

          dotted; font-family: 'Lucida Sans', Lucida Grande, Verdana,

          Arial, Sans-Serif; font-size:11px; color:#555555;"> <strong

            style="color:#333333; text-transform:uppercase;

            font-size:10px;"> Marco Capetta </strong> <br>

          VoIP Developer

          <p> <a href="http://www.sipwise.com" style="color:rgb(0, 136,

              204) !important; text-decoration:none !important;

              border-bottom:1px dotted #AAA;" moz-do-not-send="true">

              Sipwise GmbH </a> , Campus 21/Europaring F15<br>

            AT-2345 Brunn am Gebirge </p>

          <p> Phone:  <a href="tel:+4313012044" style="color:rgb(0,

              136, 204) !important; text-decoration:none !important;

              border-bottom:1px dotted #AAA;" moz-do-not-send="true">

              +43(0)1 301 2044 </a> <br>

            Email:  <a href="mailto:mcapetta@sipwise.com"

              style="color:rgb(0, 136, 204) !important;

              text-decoration:none !important; border-bottom:1px dotted

              #AAA;" moz-do-not-send="true"> mcapetta@sipwise.com </a>

            <br>

            Website:  <a href="http://www.sipwise.com"

              style="color:rgb(0, 136, 204) !important;

              text-decoration:none !important; border-bottom:1px dotted

              #AAA;" moz-do-not-send="true"> www.sipwise.com </a> </p>

          <p> Particulars according Austrian Companies Code paragraph 14<br>

            "Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge<br>

            FN:305595f, Commercial Court Vienna, ATU64002206 </p>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Kamailio (SER) - Users Mailing List

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>

<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>

Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- <a class="moz-txt-link-freetext" href="https://asipto.com/u/kat">https://asipto.com/u/kat</a></pre>

  </body>

</html>