Hello,
ok.
If you run the patched version, update to use the latest version in 5.2 branch and set the rand_engine to cryptorand for better randomness to ensure strong level of security for tls.
Cheers,
Daniel
Hi Daniel,
unfortunately I cannot do test at the moment on the platform where I had the issue.
If I'll be able to replicate the issue on another system, I'll test it for sure.
Thanks
Cheers,
Marco
On 10/8/19 4:42 PM, Daniel-Constantin Mierla wrote:
Hello Marco, I am writing to see if you can test the kxlibssl prng that I just added for tls module. I want to see if exposes the same issue you reported in: * https://github.com/kamailio/kamailio/issues/2077 If you can't test with master branch, you need to backport two commits: * https://github.com/kamailio/kamailio/commit/99eafac2d92533ba93cd8244173aef0db0e76b0c * https://github.com/kamailio/kamailio/commit/a52f05087a211bfecd36300907d0bff7170e08ec Then set: modparam("tls", "rand_engine", "kxlibssl") The latest branch 5.2 has the code for setting custom prng backported. The idea behind kxlibssl prng is to reuse the function of the default libssl v1.1.x prng, but guarded by a kamailio specific mutex. Cheers, Daniel
--
Marco Capetta
VoIP DeveloperSipwise GmbH , Campus 21/Europaring F15
AT-2345 Brunn am GebirgePhone: +43(0)1 301 2044
Email: mcapetta@sipwise.com
Website: www.sipwise.comParticulars according Austrian Companies Code paragraph 14
"Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge
FN:305595f, Commercial Court Vienna, ATU64002206
_______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training, Oct 21-23, 2019, Berlin, Germany -- https://asipto.com/u/kat