Hi, all.
After studying the source code of Kamailio, I found that:
If a higher version of OpenSSL is used,
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
then, within the function init_tls_compression(), it (Kamailio) will read the config parameter:
cfg_get(tls, tls_cfg, disable_compression)
but this method is called via mod_register --> tls_pre_init -->
init_tls_compression,
when mod_init() has not yet been invoked, and the invocation:
cfg_get(tls, tls_cfg, disable_compression)
always returns 1, which is the default value.
Thus, if a brand-new OpenSSL is used, compression is always disabled.
It sounds like a bug?
BTW: I know TLS with compression is not a good idea, but I have to try this solution for
some business reason.
Thanks all very much.
rixin liu
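Added example, not part of the original message and not Kamailio code: a small C model of the ordering described above, where the compression setting is latched at registration time and a later modparam is silently ignored, plus a guarded getter that counts reads made before the configuration is final. Only the field name disable_compression and its default of 1 come from the thread; every function name is hypothetical.

```c
#include <stdio.h>

/* Toy model, not Kamailio code: only disable_compression and its default
 * of 1 come from the thread; every function name here is hypothetical. */
struct cfg_group_tls { int disable_compression; };

static struct cfg_group_tls tls_cfg;
static int cfg_final;     /* set once all modparams have been applied */
static int early_reads;   /* reads that happened before cfg_final */
static int effective;     /* value latched by the compression setup */

static void reset(void) {
    tls_cfg.disable_compression = 1;   /* module default */
    cfg_final = 0; early_reads = 0; effective = -1;
}

/* Guarded getter: counts any read made before the config is final. */
static int get_disable_compression(void) {
    if (!cfg_final) early_reads++;
    return tls_cfg.disable_compression;
}

/* Stand-in for modparam("tls", "tls_disable_compression", v). */
static void apply_modparams(int v) { tls_cfg.disable_compression = v; cfg_final = 1; }

/* Stand-in for init_tls_compression(): latches the setting once. */
static void init_compression(void) { effective = get_disable_compression(); }

/* Order from the thread: setup runs at registration, before modparams. */
int effective_when_read_at_register(int v) {
    reset(); init_compression(); apply_modparams(v); return effective;
}

/* Setup deferred until modparams are applied (mod_init time). */
int effective_when_read_at_mod_init(int v) {
    reset(); apply_modparams(v); init_compression(); return effective;
}

int early_read_count(void) { return early_reads; }

int main(void) {
    int a = effective_when_read_at_register(0);
    printf("register-time read: disabled=%d early_reads=%d\n", a, early_read_count());
    int b = effective_when_read_at_mod_init(0);
    printf("mod_init-time read: disabled=%d early_reads=%d\n", b, early_read_count());
    return 0;
}
```

In this case the stale default fails closed (compression stays off); the early-read counter is the kind of check that would also catch the same ordering mistake on a setting whose default is the weaker one.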
------------------ Original ------------------
From: "Olle E. Johansson" <oej(a)edvina.net>;
Date: Tue, May 6, 2014 10:58 PM
To: "Daniel Constantin Mierla" <miconda(a)gmail.com>; "Kamailio (SER) -
Users Mailing List" <sr-users(a)lists.sip-router.org>;
Subject: Re: [SR-Users] How to enable TLS compression
The general recommendation from TLS security experts is to never ever use TLS
compression.
/O
On 06 May 2014, at 16:38, Daniel-Constantin Mierla <miconda(a)gmail.com> wrote:
Hello,
what libssl version do you have? Some of them have bugs related to compression and the
feature is disabled if such a case is discovered.
You can set debug=3 and send over the log messages from startup.
Cheers,
Daniel
On 06/05/14 11:36, 刘日新 wrote:
Hi, all.
I have configured kamailio.cfg as below:
#!ifdef WITH_TLS
modparam("tls", "session_id", "vic22")
modparam("tls", "session_cache",1)
modparam("tls", "tls_disable_compression",0)
modparam("tls", "config", "/usr/cfg/tls.cfg")
#!endif
I was sure that this configuration segment was included, since in the case that I set a wrong path in
modparam("tls", "config", "/wrong paths/tls.cfg")
Kamailio can't boot and raises an error.
But when I debugged this configuration with gdb, I found that, within the method:
init_tls_compression(),
Line 384 of tls_init.c
384 } else if (cfg_get(tls, tls_cfg, disable_compression)){
385 LOG(L_INFO, "tls: init_tls: disabling compression...\n");
386 sk_SSL_COMP_zero(comp_methods);
The param value from cfg was always 1, namely:
print ((struct cfg_group_tls *)tls_cfg)->disable_compression
1
Why is that? Is there something wrong?
B.R.
Rixin liu
_______________________________________________ SIP Express Router (SER) and Kamailio
(OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -
http://www.asipto.com http://twitter.com/#!/miconda -
http://www.linkedin.com/in/miconda