
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    Hello,<br>

    <br>

    thanks for testing.<br>

    <br>

    Regarding tls_max_connections, I just pushed two patches, can you

    try with them?<br>

    <br>

    Cheers,<br>

    Daniel<br>

    <br>

    On 12/19/11 11:04 PM, Jijo wrote:

    <blockquote

cite="mid:CAOYmDE9jU34MCdDbLWE-EEKXV0PzAZqV5MrdsgtogkR7qsAbnQ@mail.gmail.com"

      type="cite">

      <div>HI,</div>

      <div>&nbsp;</div>

      <div>I merged the changes to kamailio 3.1.0 and tested. I set

        tls_max_connections to 6, but i don't see the connections closed

        after 6. kamailio still accepting the connection.</div>

      <div>&nbsp;</div>

      <div>sercmd&gt; core.tcp_info<br>

        {<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; readers: 20<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; max_connections: 2048<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; max_tls_connections: 6<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; opened_connections: 357<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; opened_tls_connections: 353<br>

        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; write_queued_bytes: 0<br>

        }</div>

      <div>&nbsp;</div>

      <div>Thanks for implementing tls renegotiation, i tested that too,

        which is working fine.</div>

      <div>&nbsp;</div>

      <div>Thanks</div>

      <div>JIjo<br>

      </div>

      <div class="gmail_quote">On Thu, Dec 15, 2011 at 5:38 AM,

        Daniel-Constantin Mierla <span dir="ltr">&lt;<a

            moz-do-not-send="true" href="mailto:miconda@gmail.com">miconda@gmail.com</a>&gt;</span>

        wrote:<br>

        <blockquote style="border-left: 1px solid rgb(204, 204, 204);

          margin: 0px 0px 0px 0.8ex; padding-left: 1ex;"

          class="gmail_quote">

          <div text="#000000" bgcolor="#FFFFFF">Hello,<br>

            <br>

            I know tls_max_connection is not the solution, but in the

            context of this discussion resulted that would be good to

            have such parameter, so I added it -- it was faster that

            setting a testbed to work on the ssl-dos attack as I was

            traveling. So I thought you can test it a bit as well, since

            you have such config in place, to be sure it works.<br>

            <br>

            Thanks,<br>

            Daniel

            <div>

              <div class="h5"><br>

                <br>

              </div>

            </div>

          </div>

        </blockquote>

      </div>

    </blockquote>

    <br>

    <blockquote

cite="mid:CAOYmDE9jU34MCdDbLWE-EEKXV0PzAZqV5MrdsgtogkR7qsAbnQ@mail.gmail.com"

      type="cite">

    </blockquote>

    <br>

    <pre class="moz-signature" cols="72">-- 

Daniel-Constantin Mierla -- <a class="moz-txt-link-freetext" href="http://www.asipto.com">http://www.asipto.com</a>

<a class="moz-txt-link-freetext" href="http://linkedin.com/in/miconda">http://linkedin.com/in/miconda</a> -- <a class="moz-txt-link-freetext" href="http://twitter.com/miconda">http://twitter.com/miconda</a></pre>

  </body>

</html>