[sr-dev] [kamailio/kamailio] TLS: same TLSc is used for different outbound connection when it is switched with tls_set_connect_server_id() (#2760)

[Daniel-Constantin Mierla]

As I understood from the previous comment, it is same target address, but you want different tls connections with different certs.

SIP specifications decouple transport layer from SIP traffic, there is no relation between a SIP request/transaction/dialog and transport layer (in this case the TLS connection). Even more the specs recommend connection reuse, which is done here.

Practically, if the target is the same, then kamailio creates a single connection to it and it will be used for all traffic sent to the target, irrelevant of the SIP From headers or different dispatcher groups, a.s.o.

Looking at dispatcher records provided by @arkadiam, seems to be same case for him.

You can try to have different listen sockets for domains, if you have a few of them should be ok.

Otherwise, the tcp (tls) connection management code has to be changed, it may impact several components. It has to be coded in C.

Over all, it seems not to be an issue related to `ksr_tls_set_connect_server_id()`, if no other new information shows up soon to indicate a different conclusion, this issue can be closed.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2760#issuecomment-857681699
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20210609/09b11866/attachment.htm>