24 Jun
2022
24 Jun
'22
3:15 p.m.
Daniel,
Thanks for clarifying this!
And to ask, is websocket module also uses libssl indirectly or should not
be the cause in this one? (I'm not using http or so).
Le ven. 24 juin 2022 à 08:36, Daniel-Constantin Mierla <miconda(a)gmail.com>
a écrit :
Hello,
to add to this topic: tls module runs smooth when no other module uses an
external library that is linked also with tls, I didn't have issue with in
the past few years.
But if another module that indirectly links also the libssl, I also got
random crashes, usually during events when kamailio code is not involved at
all. For example, a while ago using the http_client module (which uses
libcurl that linked also libssl) resulted in sporadic crashes during tls
handshake -- that's all in libssl, nothing to do with sip traffic at that
stage. And actually there were also crashes when opening the connection to
the https server. The behaviour was non-deterministic, months without any
issue, then 1-2 crashes in a week or so, then all good as well. I somehow
related it to minor updates of the operating system.
After all, I ended up writing ruxc module to have an alternative
http_client() function and from that moment no libssl related crash on the
respective system. Strange that on another customer having same OS and
using http_client() function, all was and still is fine. So it could be
also related to tls settings in both sides of the connection (e.g.,
ciphers, renegotiation, tls version, ...).
If you migrate to kamailio 5.6.x, then you can also try using tlsa module
instead of tls, that should isolate the global libssl contexts, one inside
the tlsa and one in those modules linking dynamically libssl.
Cheers,
Daniel
On 23.06.22 16:46, Karsten Horsmann wrote:
Hi Igor,
I jumped from 5.3 to 5.5.x so I read carefull the changelog and migrate
steps.
https://www.kamailio.org/wiki/features/new-in-5.5.x
Show a bit about tls.
Igor Olhovskiy <igorolhovskiy(a)gmail.com> schrieb am Mi., 22. Juni 2022,
21:08:
--
Best regards,
Igor
Karsten,
Thanks for your answer!
Out of your head, were there any significant changes in TCP/TLS on 5.4 ->
5.5 change?
Regards,
Igor
Le 22.06.2022 à 18:11, Karsten Horsmann a écrit :
Hi Igor,
I also use CentOS 7 with the same openssl version and between 1000 up to
2000 tls/wss connections.
Works for me. Main difference I use Kamailio 5.5.x
Kind regards
Karsten Horsmann
Igor Olhovskiy <igorolhovskiy(a)gmail.com> schrieb am Mi., 22. Juni 2022,
10:36:
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda --
www.linkedin.com/in/miconda
Kamailio Advanced Training - Online: June 20-23, 2022
* https://www.asipto.com/sw/kamailio-advanced-training-online/
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Hello!
Due to I still experience irregular Kamailio 5.4 crashes (like 1/month)
related to SSL (using websockets and SIPS) I'm wondering, could openSSL
upgrade change the situation?
As of now in CentOS 7 I have 1.0.2k version.
Does anyone have experience to fix crash-related to TLS problems with
openSSL upgrade?
Or maye some tuneup of TCP parameters can help here?My current setup is
quite simple:
children=4
enable_tls=yes
tcp_accept_no_cl=yes
tcp_connection_lifetime=600
tcp_max_connections=998976 # 1000000 - 1024, so we're leaving 1k for
system reserve
tls_max_connections=998976
Number of clients ~ 200 constantly connected to websocket.
--
Best regards,
Igor
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* sr-users(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
* https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users