
<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Hello,</p>

    <p>the renegotiation parameter is for cyphers, not for reusing the

      session.</p>

    <p>Kamailio relies on libssl and does not do anything specific for

      reusing the session.</p>

    <p>On the other hand, maybe you refer to reusing the same

      connections between kamailio and the next sip node, for the

      traffic that is going to be sent there, no matter if it is the

      same SIP call/registration/... This is from the SIP specs, the tls

      connection is to associated with the SIP session, so SIP messages

      from many calls are sent over the same tls connection.</p>

    <p>Cheers,<br>

      Daniel<br>

    </p>

    <div class="moz-cite-prefix">On 08.03.21 01:33, Rupesh Kumar wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:1813896676.1018512.1615163586751@mail.yahoo.com">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <div class="ydp6bb94e60yahoo-style-wrap"

        style="font-family:Helvetica Neue, Helvetica, Arial,

        sans-serif;font-size:13px;">

        <div dir="ltr" data-setdir="false">Also , forgot to mention that

          on the same centos 8 host, I sent openssl s_client to port

          5061 using TLS 1.2 and it does not send session ID information

          in the clientHello TLS handshake message.</div>

        <div><br>

        </div>

      </div>

      <div id="yahoo_quoted_5285232137" class="yahoo_quoted">

        <div style="font-family:'Helvetica Neue', Helvetica, Arial,

          sans-serif;font-size:13px;color:#26282a;">

          <div> On Sunday, March 7, 2021, 04:01:02 PM PST, Rupesh Kumar

            <a class="moz-txt-link-rfc2396E" href="mailto:rupesh_kumar@sbcglobal.net"><rupesh_kumar@sbcglobal.net></a> wrote: </div>

          <div><br>

          </div>

          <div><br>

          </div>

          <div>

            <div id="yiv2661447806">

              <div>

                <div class="yiv2661447806yahoo-style-wrap"

                  style="font-family:Helvetica Neue, Helvetica, Arial,

                  sans-serif;font-size:13px;">

                  <div dir="ltr">Hi,</div>

                  <div dir="ltr"><br>

                  </div>

                  <div dir="ltr">I am running kamailio 5.2.6 on centos 8

                    and openssl 1.1.1c and connecting and using it as a

                    proxy sip endpoints to a legacy PBX over TLS.</div>

                  <div dir="ltr"><br>

                  </div>

                  <div dir="ltr">The connection to the backend PBX is

                    over TLS 1.2 . Whenever kamailio initiates a TLS

                    connection to the PBX, it uses session ID and a

                    random session id . The server side has a bug and

                    cannot handle the TLS session resuse apparently

                    because of some bug/issue in caching the TLS

                    sessions.</div>

                  <div dir="ltr"><br>

                  </div>

                  <div dir="ltr">The renegotiation and session_cache is

                    by default turned off and I also explicitly set to 0

                    via modparam but kamailio would always send the

                    session ID in the initial client hello and this is

                    causing us trouble. Any help would be greatly

                    appreciated.</div>

                  <div dir="ltr"><br>

                  </div>

                  <div dir="ltr"><a rel="nofollow noopener noreferrer"

                      target="_blank"

href="https://kamailio.org/docs/modules/5.2.x/modules/tls.html#tls.p.renegotiation"

                      moz-do-not-send="true">https://kamailio.org/docs/modules/5.2.x/modules/tls.html#tls.p.renegotiation</a><br>

                  </div>

                  <div dir="ltr"><br>

                  </div>

                  <div dir="ltr">Regards,</div>

                  <div dir="ltr"><br>

                    RK</div>

                </div>

              </div>

            </div>

            _______________________________________________<br>

            Kamailio (SER) - Users Mailing List<br>

            <a ymailto="mailto:sr-users@lists.kamailio.org"

              href="mailto:sr-users@lists.kamailio.org"

              moz-do-not-send="true">sr-users@lists.kamailio.org</a><br>

            <a

              href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"

              target="_blank" moz-do-not-send="true">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Kamailio (SER) - Users Mailing List

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>

<a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>

<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>

Funding: <a class="moz-txt-link-freetext" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre>

  </body>

</html>