[SR-Users] Testing kxlibssl prng for tls module
Daniel-Constantin Mierla
miconda at gmail.com
Wed Oct 9 13:59:30 CEST 2019
Hello,
ok.
If you run the patched version, update to use the latest version in 5.2
branch and set the rand_engine to cryptorand for better randomness to
ensure strong level of security for tls.
Cheers,
Daniel
On 09.10.19 13:50, Marco Capetta wrote:
> Hi Daniel,
>
> unfortunately I cannot do test at the moment on the platform where I
> had the issue.
> If I'll be able to replicate the issue on another system, I'll test it
> for sure.
>
> Thanks
>
> Cheers,
> Marco
>
>
> On 10/8/19 4:42 PM, Daniel-Constantin Mierla wrote:
>> Hello Marco,
>>
>> I am writing to see if you can test the kxlibssl prng that I just added
>> for tls module. I want to see if exposes the same issue you reported in:
>>
>> * https://github.com/kamailio/kamailio/issues/2077
>>
>> If you can't test with master branch, you need to backport two commits:
>>
>> *
>> https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0db0e76b0c
>>
>> *
>> https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7170e08ec
>>
>> Then set:
>>
>> modparam("tls", "rand_engine", "kxlibssl")
>>
>> The latest branch 5.2 has the code for setting custom prng backported.
>>
>> The idea behind kxlibssl prng is to reuse the function of the default
>> libssl v1.1.x prng, but guarded by a kamailio specific mutex.
>>
>> Cheers,
>> Daniel
>>
>
> --
> *Marco Capetta *
> VoIP Developer
>
> Sipwise GmbH <http://www.sipwise.com> , Campus 21/Europaring F15
> AT-2345 Brunn am Gebirge
>
> Phone: +43(0)1 301 2044 <tel:+4313012044>
> Email: mcapetta at sipwise.com <mailto:mcapetta at sipwise.com>
> Website: www.sipwise.com <http://www.sipwise.com>
>
> Particulars according Austrian Companies Code paragraph 14
> "Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
> FN:305595f, Commercial Court Vienna, ATU64002206
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20191009/21e96349/attachment.html>
More information about the sr-users
mailing list