Observation: most of these faults are in tls_accept() even before the SSL * object is shared and used by multiple workers (in the steady state) — this is strange as we normally associate OpenSSL “problems” with using SSL * in multiple processes.

It seems to be related to (1) error handling and/or (2) handshaking with asymmetric keys.

If anyone is in a position to try with PSK it would be an interesting data point (not sure if kamailio's tls.so can be used with PSK though...).

I have reproduced similar crashes with OpenSSL 3.0.x and most of them occur in tls_accept() in various places with both RSA/ECDSA keys.

For workarounds: you can try tls_wolfssl (disclaimer: I am the contributor of this module) or tlsa/OpenSSL 1.1.1. I don't recommend tlsa/OpenSSL 3.x.x as I can reproduce such crashes in that scenario. For 5.7.2/3 you would have to build these modules yourself.

We are currently facing this issue as well, and what I can tell is that it happens with OpenSSL 1.1.1 too. Not tried tls_wolfssl.

