[SR-Users] How to enable TLS compression

liu rixin liurixin at linxun.com
Tue May 6 17:48:22 CEST 2014


Hi, all.


After studying the source code of kamailio, I found that:
if a newer openssl is used,


#if OPENSSL_VERSION_NUMBER >= 0x00908000L


then, within the function init_tls_compression(), it (kamailio) reads the conf parameter:


cfg_get(tls, tls_cfg, disable_compression)


but this method is called via mod_register --> tls_pre_init --> init_tls_compression,
when mod_init() has not yet been invoked, and the invocation:
  cfg_get(tls, tls_cfg, disable_compression)
always returns 1, which is the default value.
Thus, if a brand-new openssl is used, compression is always disabled.
Does it sound like a bug?


BTW: I know TLS with compression is not a good idea, but I had to try this solution for some business reason.


Thanks, all, very much.


rixin liu
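
A small model of the startup ordering described in the message above, added here as an illustration; it is not code from the original post or from Kamailio. The struct, `startup()`, `apply_modparam()` and the `_model` names are hypothetical; only `disable_compression`, its default of 1, and the phase order come from the thread.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the tls module's config group; only the
 * disable_compression field and its default of 1 come from the thread. */
struct tls_cfg_model { int disable_compression; };
static struct tls_cfg_model cfg;
static int compression_zeroed;   /* 1 = compression methods were cleared */

/* Mirrors the quoted branch of tls_init.c: clear methods when the flag is set. */
static void init_tls_compression_model(void) {
    compression_zeroed = cfg.disable_compression ? 1 : 0;
}

/* Applies one modparam("tls", name, value) line to the model. */
static void apply_modparam(const char *name, int value) {
    if (strcmp(name, "tls_disable_compression") == 0)
        cfg.disable_compression = value;
}

/* Runs the startup phases in the order given in the post.
 * read_in_pre_init = 1: flag is read during mod_register, before modparam.
 * read_in_pre_init = 0: the read is deferred to mod_init, after modparam.
 * Returns 1 if compression ended up disabled. */
int startup(int read_in_pre_init, int modparam_value) {
    cfg.disable_compression = 1;              /* default value */
    compression_zeroed = 0;
    /* phase 1: mod_register -> tls_pre_init -> init_tls_compression */
    if (read_in_pre_init)
        init_tls_compression_model();
    /* phase 2: modparam lines from kamailio.cfg are applied */
    apply_modparam("tls_disable_compression", modparam_value);
    /* phase 3: mod_init */
    if (!read_in_pre_init)
        init_tls_compression_model();
    return compression_zeroed;
}

int main(void) {
    printf("early read,    modparam=0 -> disabled=%d\n", startup(1, 0));
    printf("deferred read, modparam=0 -> disabled=%d\n", startup(0, 0));
    printf("deferred read, modparam=1 -> disabled=%d\n", startup(0, 1));
    return 0;
}
```

In this model the early read ignores the configured 0 and leaves compression disabled, while the deferred read follows the modparam value.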








 
 
------------------ Original ------------------
From:  "Olle E. Johansson"<oej at edvina.net>;
Date:  Tue, May 6, 2014 10:58 PM
To:  "Daniel Constantin Mierla"<miconda at gmail.com>; "Kamailio (SER) - Users Mailing List"<sr-users at lists.sip-router.org>; 

Subject:  Re: [SR-Users] How to enable TLS compression

 
The general recommendation from TLS security experts is to never ever use TLS compression.

/O

On 06 May 2014, at 16:38, Daniel-Constantin Mierla <miconda at gmail.com> wrote:

Hello,

what libssl version do you have? Some of them have bugs related to compression and the feature is disabled if such a case is discovered.

You can set debug=3 and send over the log messages from startup.

Cheers,
Daniel


On 06/05/14 11:36, 刘日新 wrote:

Hi, all.
 
I have configured kamailio.cfg as below:
 
#!ifdef WITH_TLS
modparam("tls", "session_id", "vic22")
modparam("tls", "session_cache",1)
modparam("tls", "tls_disable_compression",0)
modparam("tls", "config", "/usr/cfg/tls.cfg")
#!endif
 
I am sure that this configuration segment is included, because when I set a wrong path, as in
modparam("tls", "config", "/wrong paths/tls.cfg")
kamailio can't boot and raises an error.
 
But, when I debugged this configuration with gdb, I found that, within the method init_tls_compression(),
line 384 of tls_init.c:
 
384  } else if (cfg_get(tls, tls_cfg, disable_compression)){
385            LOG(L_INFO, "tls: init_tls: disabling compression...\n");
386            sk_SSL_COMP_zero(comp_methods);
 
The param value from cfg was always 1, namely:
 
print ((struct cfg_group_tls *)tls_cfg)->disable_compression
1
 
Why is that? Is there something wrong?
 
B.R.
 
Rixin liu
 



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users at lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

--
Daniel-Constantin Mierla - http://www.asipto.com
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda