[SR-Users] Why Kamailio reply with null compression method when TLS handshake?

刘日新 liurixin at linxun.com
Tue May 13 12:34:40 CEST 2014 

Hi, all.
	
	I has set up a Kamailio server with TLS & compression enabled, I
thought I set most things suitable ,
    I has set 
    modparam("tls","tls_disable_compression",0)
    I can find such log records as below when Kamailio boost:
	
	0(10905) INFO: tls [tls_init.c:549]: init_tls_h(): tls: _init_tls_h:
compiled  with  openssl  version "OpenSSL 1.0.0-fips 29 Mar 2010"
(0x10000003), kerberos support: on, compression: on
 0(10905) INFO: tls [tls_init.c:557]: init_tls_h(): tls: init_tls_h:
installed openssl library version "OpenSSL 1.0.0-fips 29 Mar 2010"
(0x10000003), kerberos support: on,  zlib compression: on
 compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack
-DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
 0(10905) WARNING: tls [tls_init.c:611]: init_tls_h(): tls: openssl bug
#1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
operations will fail preemptively) with free memory thresholds 11534336 and
5767168 bytes
 0(10905) INFO: <core> [cfg/cfg_ctx.c:613]: cfg_set_now(): INFO:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 11534336
 0(10905) INFO: <core> [cfg/cfg_ctx.c:613]: cfg_set_now(): INFO:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 5767168

	And I run 
    kamcmd tls.options, 
   I got:
	{
        force_run: 0
        method: TLSv1
        verify_certificate: 0
        verify_depth: 9
        require_certificate: 0
        private_key: /ca/cert.pem
        ca_list: 
        certificate: /ca/cert.pem
        cipher_list: 
        session_cache: 1
        session_id: vic22
        config: /etc/kamailio/tls.cfg
        log: 3
        debug: 3
        connection_timeout: 600
        disable_compression: 0
        ssl_release_buffers: -1
        ssl_freelist_max: -1
        ssl_max_send_fragment: -1
        ssl_read_ahead: 0
        send_close_notify: 0
        low_mem_threshold1: 11534336
        low_mem_threshold2: 5767168
        ct_wq_max: 10485760
        con_ct_wq_max: 65536
        ct_wq_blk_size: 4096
}




  But when My UA connect to this server, when TLS handshake, I can find that
the clienthello with two compression method :1 (deflate) and 0 (null), but
the server side reply with just one compression method: 0( null), thus the
compression was disabled through the following communication.

  Why? are there any others issue can impact the behavior of Kamailio?
  Any hints will be appreciated.
	
  B.R.
	
 Rixin liu

More information about the sr-users mailing list