Hello Marco,
I am writing to see if you can test the kxlibssl prng that I just added for the tls module. I want to see if it exposes the same issue you reported in:
* https://github.com/kamailio/kamailio/issues/2077
If you can't test with master branch, you need to backport two commits:
* https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0d...
* https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7...
Then set:
modparam("tls", "rand_engine", "kxlibssl")
The latest branch 5.2 has the code for setting custom prng backported.
The idea behind the kxlibssl prng is to reuse the functions of the default libssl v1.1.x prng, but guarded by a Kamailio-specific mutex.
Cheers, Daniel
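The wrapper idea described in the message above (reuse the default generator's functions, serialized by a mutex), shown as an added example that is not Kamailio's or libssl's code: the method table, the stand-in generator and every name are hypothetical, and a plain pthread mutex is assumed.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical method table, reduced to two entry points for illustration. */
typedef struct {
    int (*bytes)(unsigned char *buf, int num);
    int (*status)(void);
} prng_method;

static pthread_mutex_t prng_lock = PTHREAD_MUTEX_INITIALIZER;
static const prng_method *inner;   /* the generator whose functions are reused */
static int unguarded_entries;      /* times the inner PRNG ran without the lock held */

/* Stand-in for the default generator (constructed, NOT cryptographically secure).
 * It probes the lock on entry so a test can confirm the guard is in place. */
static int default_bytes(unsigned char *buf, int num) {
    static unsigned int state = 1; /* shared state that the mutex serializes */
    if (pthread_mutex_trylock(&prng_lock) == 0) {  /* lock was free: unguarded call */
        unguarded_entries++;
        pthread_mutex_unlock(&prng_lock);
    }
    for (int i = 0; i < num; i++) {
        state = state * 1103515245u + 12345u;
        buf[i] = (unsigned char)(state >> 16);
    }
    return 1;
}
static int default_status(void) { return 1; }
static const prng_method default_method = { default_bytes, default_status };

/* Guarded wrappers: same signatures, every call into the inner table holds prng_lock. */
static int guarded_bytes(unsigned char *buf, int num) {
    if (inner == NULL || buf == NULL || num < 0) return 0;
    if (pthread_mutex_lock(&prng_lock) != 0) return 0;
    int ret = inner->bytes(buf, num);
    pthread_mutex_unlock(&prng_lock);
    return ret;
}
static int guarded_status(void) {
    if (inner == NULL || pthread_mutex_lock(&prng_lock) != 0) return 0;
    int ret = inner->status();
    pthread_mutex_unlock(&prng_lock);
    return ret;
}
static const prng_method guarded_method = { guarded_bytes, guarded_status };

/* Install point: remember the wrapped table and hand back the guarded one. */
const prng_method *guarded_prng(const prng_method *w) { inner = w; return &guarded_method; }
int unguarded_count(void) { return unguarded_entries; }

int main(void) { unsigned char b[16]; return guarded_prng(&default_method)->bytes(b, 16) != 1; }
```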
Hi Daniel,
Unfortunately, I cannot test at the moment on the platform where I had the issue. If I am able to replicate the issue on another system, I'll test it for sure.
Thanks
Cheers, Marco
On 10/8/19 4:42 PM, Daniel-Constantin Mierla wrote:
> Hello Marco,
> I am writing to see if you can test the kxlibssl prng that I just added for the tls module. I want to see if it exposes the same issue you reported in:
> * https://github.com/kamailio/kamailio/issues/2077
> If you can't test with master branch, you need to backport two commits:
> * https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0d...
> * https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7...
> Then set:
> modparam("tls", "rand_engine", "kxlibssl")
> The latest branch 5.2 has the code for setting custom prng backported.
> The idea behind the kxlibssl prng is to reuse the functions of the default libssl v1.1.x prng, but guarded by a Kamailio-specific mutex.
> Cheers, Daniel
Hello,
ok.
If you run the patched version, update to use the latest version in the 5.2 branch and set the rand_engine to cryptorand for better randomness, to ensure a strong level of security for TLS.
Cheers, Daniel
On 09.10.19 13:50, Marco Capetta wrote:
> Hi Daniel,
> Unfortunately, I cannot test at the moment on the platform where I had the issue. If I am able to replicate the issue on another system, I'll test it for sure.
> Thanks
> Cheers, Marco
> On 10/8/19 4:42 PM, Daniel-Constantin Mierla wrote:
> > Hello Marco,
> > I am writing to see if you can test the kxlibssl prng that I just added for the tls module. I want to see if it exposes the same issue you reported in:
> > * https://github.com/kamailio/kamailio/issues/2077
> > If you can't test with master branch, you need to backport two commits:
> > * https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0d...
> > * https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7...
> > Then set:
> > modparam("tls", "rand_engine", "kxlibssl")
> > The latest branch 5.2 has the code for setting custom prng backported.
> > The idea behind the kxlibssl prng is to reuse the functions of the default libssl v1.1.x prng, but guarded by a Kamailio-specific mutex.
> > Cheers, Daniel