12 Mar
2007
12 Mar
'07
10:28 a.m.
Bogdan-Andrei Iancu wrote:
- When I have
tls_verify_client = 1 tls_require_client_certificate = 1
in my cfg file, ser still accepts tcp and udp connections, despite tls_require_client_certificate=1. I did a search, and found this way:
if (proto != TLS) { sl_send_reply("403", "Forbidden"); exit; };
However SER is really still listening on UDP and TCP port 5060. Is there a way to configure SER such that it only listens and acknowledges TLS connections?
do: disable_tcp = yes to get rid of TCP
for UDP is not so simple as RFC make mandatory for a proxy to use UDP. So, you have to do it from script.
or just configure iptables ( or antother firewall) to drop packets to port 5060 UDP and TCP.
regards klaus
--
Klaus Darilion
nic.at