Chris Heiser schrieb:
Information on TLS and OpenSER with this specific
issues seems to be
scarce.
I have 2 different setups. One with about 130 registrations, one with
about 250. Both with SSLv23 turned on, and TLS is enabled in the phones.
What's odd is after some unknown amount of time, phones start dropping
like files and fail to re-register. (Our registration timer is set at 60
seconds to aid in failover).
Do all the phones register via TLS or only some phones register via DNS?
Do only the phones fail to REGISTER which use TLS or all of them?
Why do you use SSLv23? Using TLS would be the standard.
What's interesting is it appears that the SSL
handshake completely fails
when this starts to happen. The requests from the phones are smaller in
size (733 bytes about 970 for a good one). Suspicion would normally lie
with the phones. They're obviously not doing something right!
What's about debugging the handshake? Use ssldump to debug the
handshake. There should also be some logs in openser's logfile.
regards
klaus
Here's the kicker. If I fail over to another OpenSER proxy (we move the
IP over, use the same certs, etc...) everyone comes back up, and
everything is happy for hours, maybe a day, maybe a week, and then it all
starts going downhill again.
I've increased the number of OpenSER children, I've played with the
tcp_persistent_flag. None of these things have stopped the madness.
Anyone have any ideas or thoughts?
--Chris
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users