<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hello,</p>
<p>ok.</p>
<p>If you run the patched version, update to use the latest version
in 5.2 branch and set the rand_engine to cryptorand for better
randomness to ensure strong level of security for tls.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 09.10.19 13:50, Marco Capetta wrote:<br>
</div>
<blockquote type="cite"
cite="mid:5278bd8f-f6c5-f292-ed8d-391ae39518ab@sipwise.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<tt>Hi Daniel,<br>
<br>
unfortunately I cannot do test at the moment on the platform
where I had the issue.<br>
If I'll be able to replicate the issue on another system, I'll
test it for sure.<br>
<br>
Thanks<br>
<br>
Cheers,<br>
Marco<br>
<br>
</tt><br>
<div class="moz-cite-prefix">On 10/8/19 4:42 PM, Daniel-Constantin
Mierla wrote:<br>
</div>
<blockquote type="cite"
cite="mid:322d1692-652a-6cee-d51d-00156c9b2c30@gmail.com">
<pre class="moz-quote-pre" wrap="">Hello Marco,
I am writing to see if you can test the kxlibssl prng that I just added
for tls module. I want to see if exposes the same issue you reported in:
* <a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/issues/2077" moz-do-not-send="true">https://github.com/kamailio/kamailio/issues/2077</a>
If you can't test with master branch, you need to backport two commits:
*
<a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0db0e76b0c" moz-do-not-send="true">https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0db0e76b0c</a>
*
<a class="moz-txt-link-freetext" href="https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7170e08ec" moz-do-not-send="true">https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7170e08ec</a>
Then set:
modparam("tls", "rand_engine", "kxlibssl")
The latest branch 5.2 has the code for setting custom prng backported.
The idea behind kxlibssl prng is to reuse the function of the default
libssl v1.1.x prng, but guarded by a kamailio specific mutex.
Cheers,
Daniel
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div style="line-height:16px; margin:6px 0; padding:8px 8px 8px
8px; border-top:1px #aeb1a6 dotted; border-bottom:1px #aeb1a6
dotted; font-family: 'Lucida Sans', Lucida Grande, Verdana,
Arial, Sans-Serif; font-size:11px; color:#555555;"> <strong
style="color:#333333; text-transform:uppercase;
font-size:10px;"> Marco Capetta </strong> <br>
VoIP Developer
<p> <a href="http://www.sipwise.com" style="color:rgb(0, 136,
204) !important; text-decoration:none !important;
border-bottom:1px dotted #AAA;" moz-do-not-send="true">
Sipwise GmbH </a> , Campus 21/Europaring F15<br>
AT-2345 Brunn am Gebirge </p>
<p> Phone: <a href="tel:+4313012044" style="color:rgb(0,
136, 204) !important; text-decoration:none !important;
border-bottom:1px dotted #AAA;" moz-do-not-send="true">
+43(0)1 301 2044 </a> <br>
Email: <a href="mailto:mcapetta@sipwise.com"
style="color:rgb(0, 136, 204) !important;
text-decoration:none !important; border-bottom:1px dotted
#AAA;" moz-do-not-send="true"> mcapetta@sipwise.com </a>
<br>
Website: <a href="http://www.sipwise.com"
style="color:rgb(0, 136, 204) !important;
text-decoration:none !important; border-bottom:1px dotted
#AAA;" moz-do-not-send="true"> www.sipwise.com </a> </p>
<p> Particulars according Austrian Companies Code paragraph 14<br>
"Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge<br>
FN:305595f, Commercial Court Vienna, ATU64002206 </p>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Kamailio (SER) - Users Mailing List
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- <a class="moz-txt-link-freetext" href="https://asipto.com/u/kat">https://asipto.com/u/kat</a></pre>
</body>
</html>