Hello,
the renegotiation parameter is for cyphers, not for reusing the session.
Kamailio relies on libssl and does not do anything specific for reusing the session.
On the other hand, maybe you refer to reusing the same connections between kamailio and the next sip node, for the traffic that is going to be sent there, no matter if it is the same SIP call/registration/... This is from the SIP specs, the tls connection is to associated with the SIP session, so SIP messages from many calls are sent over the same tls connection.
Cheers,
Daniel
Also , forgot to mention that on the same centos 8 host, I sent openssl s_client to port 5061 using TLS 1.2 and it does not send session ID information in the clientHello TLS handshake message.
On Sunday, March 7, 2021, 04:01:02 PM PST, Rupesh Kumar <rupesh_kumar@sbcglobal.net> wrote:
_______________________________________________Hi,
I am running kamailio 5.2.6 on centos 8 and openssl 1.1.1c and connecting and using it as a proxy sip endpoints to a legacy PBX over TLS.
The connection to the backend PBX is over TLS 1.2 . Whenever kamailio initiates a TLS connection to the PBX, it uses session ID and a random session id . The server side has a bug and cannot handle the TLS session resuse apparently because of some bug/issue in caching the TLS sessions.
The renegotiation and session_cache is by default turned off and I also explicitly set to 0 via modparam but kamailio would always send the session ID in the initial client hello and this is causing us trouble. Any help would be greatly appreciated.
Regards,
RK
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Funding: https://www.paypal.me/dcmierla