9 Oct
2019
9 Oct
'19
2:59 p.m.
Hello,
ok.
If you run the patched version, update to use the latest version in 5.2
branch and set the rand_engine to cryptorand for better randomness to
ensure strong level of security for tls.
Cheers,
Daniel
On 09.10.19 13:50, Marco Capetta wrote:
Hi Daniel,
unfortunately I cannot do test at the moment on the platform where I
had the issue.
If I'll be able to replicate the issue on another system, I'll test it
for sure.
Thanks
Cheers,
Marco
On 10/8/19 4:42 PM, Daniel-Constantin Mierla wrote:
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat
Hello Marco,
I am writing to see if you can test the kxlibssl prng that I just added
for tls module. I want to see if exposes the same issue you reported in:
* https://github.com/kamailio/kamailio/issues/2077
If you can't test with master branch, you need to backport two commits:
*
https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0…
*
https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff…
Then set:
modparam("tls", "rand_engine", "kxlibssl")
The latest branch 5.2 has the code for setting custom prng backported.
The idea behind kxlibssl prng is to reuse the function of the default
libssl v1.1.x prng, but guarded by a kamailio specific mutex.
Cheers,
Daniel
--
*Marco Capetta *
VoIP Developer
Sipwise GmbH <http://www.sipwise.com> , Campus 21/Europaring F15
AT-2345 Brunn am Gebirge
Phone: +43(0)1 301 2044 <tel:+4313012044>
Email: mcapetta(a)sipwise.com <mailto:mcapetta@sipwise.com>
Website: www.sipwise.com <http://www.sipwise.com>
Particulars according Austrian Companies Code paragraph 14
"Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
FN:305595f, Commercial Court Vienna, ATU64002206
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users