[OpenSER-Users] TLS Registrations start dropping?

Chris Heiser cheiser at config.name
Thu Nov 8 20:37:47 CET 2007


Information on TLS and OpenSER with this specific issues seems to be 
scarce.

I have 2 different setups.  One with about 130 registrations, one with 
about 250.  Both with SSLv23 turned on, and TLS is enabled in the phones. 
What's odd is after some unknown amount of time, phones start dropping 
like files and fail to re-register.  (Our registration timer is set at 60 
seconds to aid in failover).

What's interesting is it appears that the SSL handshake completely fails 
when this starts to happen.  The requests from the phones are smaller in 
size (733 bytes about 970 for a good one).  Suspicion would normally lie 
with the phones.  They're obviously not doing something right!

Here's the kicker.  If I fail over to another OpenSER proxy (we move the 
IP over, use the same certs, etc...) everyone comes back up, and 
everything is happy for hours, maybe a day, maybe a week, and then it all 
starts going downhill again.

I've increased the number of OpenSER children, I've played with the 
tcp_persistent_flag.  None of these things have stopped the madness.

Anyone have any ideas or thoughts?

--Chris




More information about the Users mailing list