[Serusers] TLS comments

Klaus Darilion klaus.mailinglists at pernau.at
Wed Feb 1 10:46:49 CET 2006


Hi!

I've tried the new TLS module:

1. It breaks compatibility with the old TLS stack: Even when configured to 
use TLSv1, it sends an SSLv2 compatible HELLO:

server2:~# ssldump
New TCP connection #1: 10.10.0.41(33107) <-> 10.10.0.42(5063)
1 1  0.0088 (0.0088)  C>S SSLv2 compatible client hello
   Version 3.1


I do not know if this is a problem with the new or the old stack. 
Further I do not know what other TLS enabled SIP products use. Do they 
accept SSL compatible HELLOs?

2. If there is an error during the TLS handshake (like above), ser keeps 
hanging without doing anything. IMO it should respond with an error message 
(like it does when it can't establish a TCP connection):

           ser                 other proxy
--INVITE-->
<-100 -----
            <-----TCP handshake---->
            --------TLS HELLO------>
            <---TCP RST ------------
          .....
        nothing happens
          .....
Instead I would expect:
<-477 TLS error---

00:21:41 server1 ser[3792]: ERROR: tls_server.c:275: IO error: (104) Connection reset by peer
00:21:41 server1 ser[3792]: ERROR: tcp_send: failed to send

regards
Klaus
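
Added example, not part of the original mail and not ser code: a small C classifier that tells an SSLv2-compatible client hello (the framing ssldump reports above, even though the offered version is 3.1) from a hello sent in a TLS record, using only the first bytes of the connection. The function and enum names are hypothetical and the sample byte strings are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hello framings distinguishable from the first bytes a client sends. */
enum hello_kind { HELLO_UNKNOWN, HELLO_SSLV2_COMPAT, HELLO_TLS_RECORD };

/* Constructed sample prefixes (not captured traffic); both offer 3.1. */
static const uint8_t sample_v2[]  = { 0x80, 0x2e, 0x01, 0x03, 0x01 };
static const uint8_t sample_tls[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01,
                                      0x00, 0x00, 0x2b, 0x03, 0x01 };

/* Classify the start of a connection; on a match, store the protocol
 * version offered inside the hello (3.1 means TLSv1). */
enum hello_kind classify_hello(const uint8_t *b, size_t n,
                               uint8_t *major, uint8_t *minor)
{
    /* SSLv2 framing: 2-byte header with the high bit set, then
     * message type 1 (CLIENT-HELLO), then the offered version. */
    if (n >= 5 && (b[0] & 0x80) && b[2] == 0x01) {
        *major = b[3]; *minor = b[4];
        return HELLO_SSLV2_COMPAT;
    }
    /* SSLv3/TLS framing: record type 22 (handshake), record version,
     * 2-byte length, handshake type 1, 3-byte length, client_version. */
    if (n >= 11 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01) {
        *major = b[9]; *minor = b[10];
        return HELLO_TLS_RECORD;
    }
    return HELLO_UNKNOWN;
}

static const char *kind_name(enum hello_kind k)
{
    return k == HELLO_SSLV2_COMPAT ? "SSLv2 compatible client hello"
         : k == HELLO_TLS_RECORD   ? "TLS record client hello"
         : "unknown";
}

int main(void)
{
    uint8_t ma = 0, mi = 0;
    enum hello_kind k = classify_hello(sample_v2, sizeof sample_v2, &ma, &mi);
    printf("%s, version %u.%u\n", kind_name(k), ma, mi);
    k = classify_hello(sample_tls, sizeof sample_tls, &ma, &mi);
    printf("%s, version %u.%u\n", kind_name(k), ma, mi);
    return 0;
}
```

A peer that only parses the TLS record framing will reject the first sample even though both hellos offer the same version, which matches the reset seen in the trace above.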



