Hi, all.
I have set up a Kamailio server with TLS & compression enabled. I
thought I had set most things suitably.
I have set
modparam("tls","tls_disable_compression",0)
I can find log records such as the ones below when Kamailio boots:
0(10905) INFO: tls [tls_init.c:549]: init_tls_h(): tls: _init_tls_h:
compiled with openssl version "OpenSSL 1.0.0-fips 29 Mar 2010"
(0x10000003), kerberos support: on, compression: on
0(10905) INFO: tls [tls_init.c:557]: init_tls_h(): tls: init_tls_h:
installed openssl library version "OpenSSL 1.0.0-fips 29 Mar 2010"
(0x10000003), kerberos support: on, zlib compression: on
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack
-DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
0(10905) WARNING: tls [tls_init.c:611]: init_tls_h(): tls: openssl bug
#1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
operations will fail preemptively) with free memory thresholds 11534336 and
5767168 bytes
0(10905) INFO: <core> [cfg/cfg_ctx.c:613]: cfg_set_now(): INFO:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 11534336
0(10905) INFO: <core> [cfg/cfg_ctx.c:613]: cfg_set_now(): INFO:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 5767168
And I ran
kamcmd tls.options
and I got:
{
force_run: 0
method: TLSv1
verify_certificate: 0
verify_depth: 9
require_certificate: 0
private_key: /ca/cert.pem
ca_list:
certificate: /ca/cert.pem
cipher_list:
session_cache: 1
session_id: vic22
config: /etc/kamailio/tls.cfg
log: 3
debug: 3
connection_timeout: 600
disable_compression: 0
ssl_release_buffers: -1
ssl_freelist_max: -1
ssl_max_send_fragment: -1
ssl_read_ahead: 0
send_close_notify: 0
low_mem_threshold1: 11534336
low_mem_threshold2: 5767168
ct_wq_max: 10485760
con_ct_wq_max: 65536
ct_wq_blk_size: 4096
}
But when my UA connects to this server, during the TLS handshake I can see that
the ClientHello has two compression methods: 1 (deflate) and 0 (null), but
the server side replies with just one compression method: 0 (null), thus
compression was disabled for the following communication.
Why? Are there any other issues that can impact the behavior of Kamailio?
Any hints will be appreciated.
B.R.
Rixin liu
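
The check described in the post above can be done on raw handshake bytes by reading the compression fields of the ClientHello and ServerHello directly. This is an added example, not part of the original message or of Kamailio; the function names and the sample bytes are constructed for illustration, and it assumes each hello fits in a single TLS record.

```python
COMPRESSION_NAMES = {0: "null", 1: "deflate"}  # method ids from RFC 3749

def _take(buf, pos, n):
    """Return (n bytes at pos, new pos); fail loudly on truncated input."""
    if pos + n > len(buf):
        raise ValueError("truncated handshake message")
    return buf[pos:pos + n], pos + n

def parse_hello_compression(record):
    """Return (message name, [compression ids]) from one TLS record that
    starts with a ClientHello or ServerHello."""
    hdr, pos = _take(record, 0, 5)                 # type, version, length
    if hdr[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    frag, _ = _take(record, pos, int.from_bytes(hdr[3:5], "big"))
    hs_hdr, pos = _take(frag, 0, 4)                # msg type + 24-bit length
    msg, _ = _take(frag, pos, int.from_bytes(hs_hdr[1:4], "big"))
    _, pos = _take(msg, 0, 2 + 32)                 # version + random
    sid_len, pos = _take(msg, pos, 1)
    _, pos = _take(msg, pos, sid_len[0])           # session id
    if hs_hdr[0] == 1:                             # ClientHello offers a list
        cs_len, pos = _take(msg, pos, 2)
        _, pos = _take(msg, pos, int.from_bytes(cs_len, "big"))
        n, pos = _take(msg, pos, 1)
        methods, _ = _take(msg, pos, n[0])
        return "ClientHello", list(methods)
    if hs_hdr[0] == 2:                             # ServerHello selects one
        _, pos = _take(msg, pos, 2)                # chosen cipher suite
        method, _ = _take(msg, pos, 1)
        return "ServerHello", list(method)
    raise ValueError("not a ClientHello or ServerHello")

def compression_outcome(client_record, server_record):
    """Summarise what the client offered and what the server selected."""
    _, offered = parse_hello_compression(client_record)
    _, chosen = parse_hello_compression(server_record)
    name = lambda m: COMPRESSION_NAMES.get(m, "unknown(%d)" % m)
    return {"offered": [name(m) for m in offered],
            "selected": name(chosen[0]),
            "compressed": chosen[0] != 0}

def _record(msg_type, body):
    hs = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

# Constructed sample messages (not a real capture): TLSv1, zero random, empty session id.
_PREFIX = b"\x03\x01" + bytes(32) + b"\x00"
CLIENT_HELLO = _record(1, _PREFIX + b"\x00\x02\x00\x2f" + b"\x02\x01\x00")
SERVER_HELLO = _record(2, _PREFIX + b"\x00\x2f" + b"\x00")

if __name__ == "__main__":
    print(compression_outcome(CLIENT_HELLO, SERVER_HELLO))
```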