[Serusers] SER listening on TCP
pelinescu-onciul at fokus.fraunhofer.de
Thu Jul 10 20:11:22 CEST 2003
On Jul 10, 2003 at 19:29, Johan Bilien <jobi at via.ecp.fr> wrote:
> On Thu, Jul 10, 2003, Andrei Pelinescu-Onciul wrote:
> > No. stunnel is used for SSL-tunneling inetd daemons. It won't work with
> > ser. sip proxies have to be able to open new connections (they can't be
> > run from inetd).
> > Even if you use it to re-inject the packets on another port (e.g. send
> > all the ssl stuff on tcp localhost:5060 via netcat) you will still not
> > have a tls sip server (any connections opened from ser side will still
> > be non-tls).
> > A TLS sip proxy should also support sips: uris.
> I agree it would not be able to handle outgoing connections. Still,
> this should allow TLS communication between the UA and its proxy
> (especially REGISTER), correct me if I'm wrong.
Yes but only for a while :-) tcp connections time out after some time. If
they are not used, they will be closed. So the tcp connection between
ser and stunnel will be closed and then if ser wants to send something
back to your UA, it will try to open a new connection to it.
You could try to increase the default timeouts (see tcpconn.h:
> > BTW: what tls-enabled sip uac do you use?
> I just tried connecting to my stunnel with Windows Messenger, but it
> failed with almost no reason given. I will tried to see what happens
> with tcpdump.
It seems Messenger does not work with openssl (I don't know if it works
with something at all). It will go through the ssl handshake and
immediately after that it will close the underlying tcp connection
without any reason or error messages. It doesn't even bother to send a
ssl close notify.
More information about the sr-users