Hi, all.
I have set up a Kamailio server with TLS & compression enabled. I
thought I had set most things suitably.
I have set
modparam("tls","tls_disable_compression",0)
I can find log records such as the ones below when Kamailio boots:
0(10905) INFO: tls [tls_init.c:549]: init_tls_h(): tls: _init_tls_h:
compiled with openssl version "OpenSSL 1.0.0-fips 29 Mar 2010"
(0x10000003), kerberos support: on, compression: on
0(10905) INFO: tls [tls_init.c:557]: init_tls_h(): tls: init_tls_h:
installed openssl library version "OpenSSL 1.0.0-fips 29 Mar 2010"
(0x10000003), kerberos support: on, zlib compression: on
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT
-DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -DTERMIO -Wall -O2 -g
-pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m64 -mtune=generic -Wa,--noexecstack
-DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM
-DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
0(10905) WARNING: tls [tls_init.c:611]: init_tls_h(): tls: openssl bug
#1491 (crash/mem leaks on low memory) workaround enabled (on low memory tls
operations will fail preemptively) with free memory thresholds 11534336 and
5767168 bytes
0(10905) INFO: <core> [cfg/cfg_ctx.c:613]: cfg_set_now(): INFO:
cfg_set_now(): tls.low_mem_threshold1 has been changed to 11534336
0(10905) INFO: <core> [cfg/cfg_ctx.c:613]: cfg_set_now(): INFO:
cfg_set_now(): tls.low_mem_threshold2 has been changed to 5767168
And when I ran
kamcmd tls.options
I got:
{
force_run: 0
method: TLSv1
verify_certificate: 0
verify_depth: 9
require_certificate: 0
private_key: /ca/cert.pem
ca_list:
certificate: /ca/cert.pem
cipher_list:
session_cache: 1
session_id: vic22
config: /etc/kamailio/tls.cfg
log: 3
debug: 3
connection_timeout: 600
disable_compression: 0
ssl_release_buffers: -1
ssl_freelist_max: -1
ssl_max_send_fragment: -1
ssl_read_ahead: 0
send_close_notify: 0
low_mem_threshold1: 11534336
low_mem_threshold2: 5767168
ct_wq_max: 10485760
con_ct_wq_max: 65536
ct_wq_blk_size: 4096
}
But when my UA connects to this server, during the TLS handshake I can see that
the ClientHello has two compression methods, 1 (deflate) and 0 (null), but
the server side replies with just one compression method, 0 (null), thus
compression was disabled through the following communication.
Why? Are there any other issues that can impact the behavior of Kamailio?
Any hints will be appreciated.
B.R.
Rixin liu
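
An added example, not part of the original post and not Kamailio code: a small Python parser that reads the compression fields out of a captured ClientHello and ServerHello record, to confirm what the client offered and what the server selected. The sample records are constructed to match the handshake described above (offer 1 and 0, server picks 0), and the names hello_compression, _sample_hello and describe are hypothetical.

```python
import struct

# TLS compression method identifiers: 0 = null, 1 = DEFLATE (RFC 3749).
NAMES = {0: "null", 1: "deflate"}

def hello_compression(record: bytes):
    """Return (message name, [compression method ids]) for one TLS hello record."""
    try:
        content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
        if content_type != 0x16:
            raise ValueError("not a TLS handshake record")
        body = record[5:5 + rec_len]
        msg_type = body[0]
        msg = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                  # skip version and random
        pos += 1 + msg[pos]           # skip session_id (1-byte length prefix)
        if msg_type == 1:             # ClientHello: list of offered methods
            pos += 2 + struct.unpack_from("!H", msg, pos)[0]  # skip cipher_suites
            count = msg[pos]
            methods = list(msg[pos + 1:pos + 1 + count])
            if len(methods) != count:
                raise ValueError("truncated compression_methods")
            return "ClientHello", methods
        if msg_type == 2:             # ServerHello: one selected method
            return "ServerHello", [msg[pos + 2]]  # follows the 2-byte cipher suite
        raise ValueError("not a ClientHello or ServerHello")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated hello message") from exc

def _sample_hello(msg_type: int, tail: bytes) -> bytes:
    """Build a minimal constructed hello: TLS 1.0, zero random, empty session_id."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + tail
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

# Constructed samples: client offers suite 0x002f with compression [1, 0];
# server selects suite 0x002f and compression 0.
CLIENT_HELLO = _sample_hello(1, b"\x00\x02\x00\x2f" + b"\x02\x01\x00")
SERVER_HELLO = _sample_hello(2, b"\x00\x2f" + b"\x00")

def describe(client_record: bytes, server_record: bytes) -> str:
    """Summarise offered versus selected compression for a hello pair."""
    _, offered = hello_compression(client_record)
    _, (chosen,) = hello_compression(server_record)
    names = [NAMES.get(m, str(m)) for m in offered]
    return f"offered={names} selected={NAMES.get(chosen, str(chosen))}"

if __name__ == "__main__":
    print(describe(CLIENT_HELLO, SERVER_HELLO))
```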