Hi!
I've tried the new TLS module:
1. It breaks compatibility with old TLS stack: Even when configured to use TLSv1, it sends an SSLv2 compatible HELLO:
server2:~# ssldump
New TCP connection #1: 10.10.0.41(33107) <-> 10.10.0.42(5063)
1 1  0.0088 (0.0088)  C>S SSLv2 compatible client hello
  Version 3.1
I do not know if this is a problem with the new or the old stack. Further I do not know what other TLS enabled SIP products use. Do they accept SSL compatible HELLOs?
2. If there is an error during the TLS handshake (like above), ser keeps hanging without doing anything. IMO it should respond with an error message (like it does when it can't establish a TCP connection):
                 ser                      other proxy
  --INVITE-->
  <-100 -----
                  <-----TCP handshake---->
                  --------TLS HELLO------>
                  <---TCP RST ------------
  ..... nothing happens .....

Instead I would expect:
  <-477 TLS error---
00:21:41 server1 ser[3792]: ERROR: tls_server.c:275: IO error: (104) Connection reset by peer
00:21:41 server1 ser[3792]: ERROR: tcp_send: failed to send
regards
Klaus
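Added example, not part of the original message and not ser code: a small classifier for the first bytes a client sends, showing how the "SSLv2 compatible client hello, Version 3.1" in the ssldump trace from point 1 differs on the wire from a ClientHello sent in a TLS record. The function name, enum and sample byte prefixes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_kind { HELLO_UNKNOWN, HELLO_TRUNCATED, HELLO_SSLV2_COMPAT, HELLO_TLS_RECORD };

struct hello_info {
    enum hello_kind kind;
    uint8_t major, minor;              /* version the client offers */
};

/* Classify the first bytes a client sends on a new TLS connection. */
struct hello_info classify_client_hello(const uint8_t *p, size_t n)
{
    struct hello_info r = { HELLO_UNKNOWN, 0, 0 };

    if (n == 0) { r.kind = HELLO_TRUNCATED; return r; }
    if (p[0] & 0x80) {
        /* SSLv2 framing: 2-byte header (15-bit length), msg type, version */
        if (n < 5) { r.kind = HELLO_TRUNCATED; return r; }
        size_t len = ((size_t)(p[0] & 0x7f) << 8) | p[1];
        /* 9 = msg type + version + three 16-bit length fields */
        if (p[2] == 0x01 && len >= 9) {
            r.kind = HELLO_SSLV2_COMPAT; r.major = p[3]; r.minor = p[4];
        }
    } else if (p[0] == 0x16) {
        /* TLS framing: 5-byte record header, 4-byte handshake header, version */
        if (n < 11) { r.kind = HELLO_TRUNCATED; return r; }
        if (p[1] == 0x03 && p[5] == 0x01) {
            r.kind = HELLO_TLS_RECORD; r.major = p[9]; r.minor = p[10];
        }
    }
    return r;
}

/* Constructed sample prefixes, not captured traffic. Both offer version 3.1. */
static const uint8_t sample_v2_hello[]  = { 0x80, 0x1f, 0x01, 0x03, 0x01, 0x00, 0x06 };
static const uint8_t sample_tls_hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2d, 0x01,
                                            0x00, 0x00, 0x29, 0x03, 0x01 };

int main(void)
{
    static const char *names[] = { "unknown", "truncated", "SSLv2 compatible", "TLS record" };
    struct hello_info a = classify_client_hello(sample_v2_hello, sizeof sample_v2_hello);
    struct hello_info b = classify_client_hello(sample_tls_hello, sizeof sample_tls_hello);
    printf("%s client hello, version %u.%u\n", names[a.kind], a.major, a.minor);
    printf("%s client hello, version %u.%u\n", names[b.kind], b.major, b.minor);
    return 0;
}
```

Both samples offer the same protocol version (3.1, i.e. TLSv1); only the framing differs, which is what a peer that accepts TLS records but not SSLv2-framed hellos would react to.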