[SR-Users] Via header force change protocol to TLS?

Daniel-Constantin Mierla miconda at gmail.com
Wed Feb 7 14:20:44 CET 2018


On 05.02.18 05:56, Anthony Alba wrote:
> I have kamailio behind a TLS termination proxy so the sockets are
> correctly deduced to be TCP. However the clients only talk TLS to the
> proxy and are confused when the top Via header added by Kamailio is
> TCP. Is there a way for Kamailio to forcibly pretend its protocol is
> TLS? Like advertised_address but "advertised_protocol"  instead. 
> (With pjsip testing: it has a flag use_tls which ignores TCP from
> Kamailio and continues to use the persistent TLS transport to proxy.
> Linphone fails because it tries to honor TCP in Via and is unable to
> establish TCP transport). 
> BTW I am using t_relay_to_tcp so Kamailio will return traffic to the
> proxy as TCP even though the contact addresses specify transport=TLS.
there is no advertise_protocol as far as I know. If you want to go down
the route with a patch to the C code, you have to be careful at TLS
callbacks, because if the protocol is detected to be tls, some
encryption/decryption callbacks may be executed. I am not sure how much,
or if any, the impact is, just throwing it as a notice in advance.


Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - March 5-7, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com

More information about the sr-users mailing list