hi, all.

After studying the source code of Kamailio, I found that:
if a higher OpenSSL version is used,

#if OPENSSL_VERSION_NUMBER >= 0x00908000L

then, within the function init_tls_compression(), it (Kamailio) will read the conf parameter:

cfg_get(tls, tls_cfg, disable_compression)

But this method is called via mod_register --> tls_pre_init --> init_tls_compression,
when mod_init() has not yet been invoked, and the invocation:
  cfg_get(tls, tls_cfg, disable_compression)
always returns 1, which is the default value.
Thus, if a brand-new OpenSSL is used, compression is always disabled.
It sounds like a bug?

BTW: I know TLS with compression is not a good idea, but I have to try this solution for some business reason.

thanks all very much.

rixin liu
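
A minimal model of the startup ordering described in the message above, added here as an illustration and not Kamailio's code. The struct, the phase names and the functions startup_sees() and setting_ignored() are hypothetical, and the sequence (registration hook, then modparam lines, then mod_init) is assumed from the poster's description.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a module config group; not Kamailio's structures. */
struct tls_cfg_model { int disable_compression; };

/* Default as reported in the thread: compression disabled (1). */
static const struct tls_cfg_model defaults = { 1 };

enum read_phase { READ_AT_REGISTER, READ_AT_MOD_INIT };

struct modparam { const char *name; int value; };

/* Constructed sample: the modparam line from the quoted kamailio.cfg. */
const struct modparam sample_cfg[] = { { "tls_disable_compression", 0 } };

/* Simulate startup and return the disable_compression value that the
 * compression-setup step sees when it runs in the given phase. */
int startup_sees(enum read_phase phase, const struct modparam *p, size_t n)
{
    struct tls_cfg_model cfg = defaults;   /* state right after module load */
    int seen = -1;

    if (phase == READ_AT_REGISTER)         /* phase 1: registration hook */
        seen = cfg.disable_compression;

    for (size_t i = 0; i < n; i++)         /* phase 2: modparam lines applied */
        if (strcmp(p[i].name, "tls_disable_compression") == 0)
            cfg.disable_compression = p[i].value;

    if (phase == READ_AT_MOD_INIT)         /* phase 3: mod_init, final values */
        seen = cfg.disable_compression;

    return seen;
}

/* Returns 1 when the value consumed at registration time differs from the
 * value the operator configured, i.e. the setting was silently ignored. */
int setting_ignored(const struct modparam *p, size_t n)
{
    return startup_sees(READ_AT_REGISTER, p, n) !=
           startup_sees(READ_AT_MOD_INIT, p, n);
}

int main(void)
{
    printf("read at register: %d\n", startup_sees(READ_AT_REGISTER, sample_cfg, 1));
    printf("read at mod_init: %d\n", startup_sees(READ_AT_MOD_INIT, sample_cfg, 1));
    printf("setting ignored:  %d\n", setting_ignored(sample_cfg, 1));
    return 0;
}
```

In this model the early read always yields the default, so the operator's value never reaches the step that clears the compression methods.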




 
 
------------------ Original ------------------
Date:  Tue, May 6, 2014 10:58 PM
To:  "Daniel Constantin Mierla"<miconda@gmail.com>; "Kamailio (SER) - Users Mailing List"<sr-users@lists.sip-router.org>;
Subject:  Re: [SR-Users] How to enable TLS compression
 
The general recommendation from TLS security experts is to never ever use TLS compression.

/O

On 06 May 2014, at 16:38, Daniel-Constantin Mierla <miconda@gmail.com> wrote:

Hello,

what libssl version do you have? Some of them have bugs related to compression and the feature is disabled if such case is discovered.

You can set debug=3 and send over the log messages from startup.

Cheers,
Daniel


On 06/05/14 11:36, 刘日新 wrote:
Hi, all.
 
I have configured kamailio.cfg as below:
 
#!ifdef WITH_TLS
modparam("tls", "session_id", "vic22")
modparam("tls", "session_cache",1)
modparam("tls", "tls_disable_compression",0)
modparam("tls", "config", "/usr/cfg/tls.cfg")
#!endif
 
I am sure that this configuration segment was included, because when I set a wrong path, as in
modparam("tls", "config", "/wrong paths/tls.cfg")
Kamailio can't boot and raises an error.
 
But when I debugged this configuration with gdb, I found that, within the method init_tls_compression(),
line 384 of tls_init.c
 
384  } else if (cfg_get(tls, tls_cfg, disable_compression)){
385            LOG(L_INFO, "tls: init_tls: disabling compression...\n");
386            sk_SSL_COMP_zero(comp_methods);
 
The param value from cfg was always 1, namely:
 
print ((struct cfg_group_tls *)tls_cfg)->disable_compression
1
 
Why is that? Is there something wrong?
 
B.R.
 
Rixin liu
 


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda