[SR-Users] How to enable TLS compression

Olle E. Johansson oej at edvina.net
Tue May 6 16:58:04 CEST 2014 

The general recommendation from TLS security experts is to never ever use TLS compression.

/O

On 06 May 2014, at 16:38, Daniel-Constantin Mierla <miconda at gmail.com> wrote:

> Hello,
> 
> what libssl version do you have? Some of them have bugs related to compression and the feature is disabled if such case is discovered.
> 
> You can set debug=3 and send over the log messages from startup.
> 
> Cheers,
> Daniel
> 
> 
> On 06/05/14 11:36, 刘日新 wrote:
>> Hi, all.
>>  
>> I has configure kamailio.cfg as below:
>>  
>> #!ifdef WITH_TLS
>> modparam("tls", "session_id", "vic22")
>> modparam("tls", "session_cache",1)
>> modparam("tls", "tls_disable_compression",0)
>> modparam("tls", "config", "/usr/cfg/tls.cfg")
>> #!endif
>>  
>> I was sure that this configure segment was included , in case that I set a wrong path to
>> modparam("tls", "config", "/wrong paths/tls.cfg")
>> the kamailio can`t boost and raised error.
>>  
>> But, when I debug this configure with gdb, I found that, within method : init_tls_compression(),
>> Line 384 of tls_init.c
>>  
>> 384  } else if (cfg_get(tls, tls_cfg, disable_compression)){
>> 385            LOG(L_INFO, "tls: init_tls: disabling compression...\n");
>> 386            sk_SSL_COMP_zero(comp_methods);
>>  
>> The param value from cfg was always 1, namely:
>>  
>> Ø  print ((struct cfg_group_tls *)tls_cfg)->disable_compression
>> 1
>>  
>> Why that? Are there something wrong?
>>  
>> B.R.
>>  
>> Rixin liu
>>  
>> 
>> 
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> 
> -- 
> Daniel-Constantin Mierla - http://www.asipto.com
> http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140506/3c46d6b1/attachment.html>

More information about the sr-users mailing list