Hi list, I've seen the TLS documentation ( https://www.kamailio.org/docs/modules/5.2.x/modules/tls.html#tls.known_limit...) where it states that
TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic. This note is there since version 3.0 and in 2013 there was some discussion about it but wthout anything conclusive.... What I would like to know if this is still the case. Is anyone running the TLS reload for certificate renovation for example, or is it better to restart Kamailio?
Thanks, Kind regards, Patrick Wakano
Using TLS reload every few months when let's encrypt cert renews, works fine all the time without doing full restart.
Cheers,
On Tue, Feb 26, 2019, 8:29 PM Patrick Wakano, pwakano@gmail.com wrote:
Hi list, I've seen the TLS documentation ( https://www.kamailio.org/docs/modules/5.2.x/modules/tls.html#tls.known_limit...) where it states that
TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic. This note is there since version 3.0 and in 2013 there was some discussion about it but wthout anything conclusive.... What I would like to know if this is still the case. Is anyone running the TLS reload for certificate renovation for example, or is it better to restart Kamailio?
Thanks, Kind regards, Patrick Wakano _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Thanks Sergiu for your reply! That's exactly what I am planning to do. But I just want to make sure the reload would not cause me some problem in production....
Cheers, Patrick Wakano
On Wed, 27 Feb 2019 at 12:44, Sergiu Pojoga pojogas@gmail.com wrote:
Using TLS reload every few months when let's encrypt cert renews, works fine all the time without doing full restart.
Cheers,
On Tue, Feb 26, 2019, 8:29 PM Patrick Wakano, pwakano@gmail.com wrote:
Hi list, I've seen the TLS documentation ( https://www.kamailio.org/docs/modules/5.2.x/modules/tls.html#tls.known_limit...) where it states that
TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic. This note is there since version 3.0 and in 2013 there was some discussion about it but wthout anything conclusive.... What I would like to know if this is still the case. Is anyone running the TLS reload for certificate renovation for example, or is it better to restart Kamailio?
Thanks, Kind regards, Patrick Wakano _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Been doing it like that too (kamailio+tls+LE+auto-reload) for quite some time now with 0 issues.. :)
On Tue, Feb 26, 2019 at 5:51 PM Patrick Wakano pwakano@gmail.com wrote:
Thanks Sergiu for your reply! That's exactly what I am planning to do. But I just want to make sure the reload would not cause me some problem in production....
Cheers, Patrick Wakano
On Wed, 27 Feb 2019 at 12:44, Sergiu Pojoga pojogas@gmail.com wrote:
Using TLS reload every few months when let's encrypt cert renews, works fine all the time without doing full restart.
Cheers,
On Tue, Feb 26, 2019, 8:29 PM Patrick Wakano, pwakano@gmail.com wrote:
Hi list, I've seen the TLS documentation ( https://www.kamailio.org/docs/modules/5.2.x/modules/tls.html#tls.known_limit...) where it states that
TLS specific config reloading is not safe, so for now better don't use it, especially under heavy traffic. This note is there since version 3.0 and in 2013 there was some discussion about it but wthout anything conclusive.... What I would like to know if this is still the case. Is anyone running the TLS reload for certificate renovation for example, or is it better to restart Kamailio?
Thanks, Kind regards, Patrick Wakano _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Am Mittwoch, 27. Februar 2019, 09:53:18 CET schrieb Joel Serrano:
Been doing it like that too (kamailio+tls+LE+auto-reload) for quite some time now with 0 issues.. :) [..]
Hello,
it looks that the warning in the module README is outdated. Maybe somebody could submit a pull request for an doc improvement.
Best regards,
Henning
Thanks for the feedback guys! Much appreciated! Kamailio and Let's Encrypt with TLS reload, is the way to go then!
Cheers! Patrick Wakano
On Thu, 28 Feb 2019 at 08:58, Henning Westerholt hw@kamailio.org wrote:
Am Mittwoch, 27. Februar 2019, 09:53:18 CET schrieb Joel Serrano:
Been doing it like that too (kamailio+tls+LE+auto-reload) for quite some time now with 0 issues.. :) [..]
Hello,
it looks that the warning in the module README is outdated. Maybe somebody could submit a pull request for an doc improvement.
Best regards,
Henning
-- Henning Westerholt - https://skalatan.de/blog/ Kamailio services - https://skalatan.de/services Kamailio security assessment - https://skalatan.de/de/assessment
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Henning Westerholt -
Joel Serrano -
Patrick Wakano -
Sergiu Pojoga