Hello,
concerning OpenSSL
https://kamailio.org/docs/modules/devel/modules/tls.html says:
For OpenSSL (libssl) v1.1.x, it is required to preload 'openssl_mutex_shared' library shipped by Kamailio. … This module includes several workarounds for various Openssl bugs (like compression and Kerberos using the wrong memory allocations functions, low memory problems a.s.o).
Compression over TLS is considered insecure because of the CRIME attack.
Kerberos is probably used for the cipher suites:
TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_IDEA_CBC_SHA,
TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_IDEA_CBC_MD5,
TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_MD5
all of which are insecure (because they use 3DES, RC4, DES, RC2) or weak, not supporting
Perfect Forward Secrecy, cf:
https://ciphersuite.info/cs/TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA/
https://ciphersuite.info/cs/TLS_KRB5_WITH_3DES_EDE_CBC_SHA/
That said, neither TLS compression nor Kerberos TLS cipher suites shall be used. This leaves the question whether there are problems which are still solved by preloading openssl_mutex_shared.so (e.g. low memory problems).
Greetings
Дилян
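As an added check (not Kamailio code, and not part of the original thread), a small Python audit that classifies cipher-suite names by the criteria given above: Kerberos key exchange without forward secrecy, export-grade key material, and the legacy ciphers 3DES, RC4, DES, RC2 and IDEA. It assumes IANA-style TLS_<kx>_WITH_<cipher>_<mac> names (TLS 1.3 names without a key-exchange part are accepted too) and additionally flags an MD5 MAC, which the message does not mention.

```python
"""Audit TLS cipher-suite names for the weaknesses discussed in the thread."""

# Cipher tokens that mark a suite as insecure, with the reason reported.
WEAK_CIPHER_TOKENS = {
    "3DES": "3DES (64-bit block cipher)",
    "DES": "single DES (56-bit key)",
    "RC4": "RC4 (broken stream cipher)",
    "RC2": "RC2 (legacy cipher)",
    "IDEA": "IDEA (legacy cipher)",
}

# The Kerberos suites named in the message (constructed input for the demo).
PAGE_KRB5_SUITES = [
    "TLS_KRB5_WITH_3DES_EDE_CBC_SHA", "TLS_KRB5_WITH_RC4_128_SHA",
    "TLS_KRB5_WITH_IDEA_CBC_SHA", "TLS_KRB5_WITH_DES_CBC_MD5",
    "TLS_KRB5_WITH_3DES_EDE_CBC_MD5", "TLS_KRB5_WITH_RC4_128_MD5",
    "TLS_KRB5_WITH_IDEA_CBC_MD5", "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
    "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA", "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
    "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5", "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
    "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
]


def audit_cipher_suite(name: str) -> list[str]:
    """Return the weaknesses found in one IANA-style suite name (empty list = none)."""
    tokens = name.strip().upper().split("_")
    if len(tokens) < 3 or tokens[0] != "TLS":
        raise ValueError(f"not a TLS_... suite name: {name!r}")
    # Split into key-exchange tokens (before WITH) and cipher/MAC tokens (after).
    if "WITH" in tokens:
        split = tokens.index("WITH")
        kx, rest = tokens[1:split], tokens[split + 1:]
    else:  # TLS 1.3 style: no key exchange in the name
        kx, rest = [], tokens[1:]
    findings = []
    if "KRB5" in kx:
        findings.append("Kerberos key exchange: no forward secrecy")
    if "EXPORT" in kx:
        findings.append("export-grade (40-bit) key material")
    findings += [WEAK_CIPHER_TOKENS[t] for t in rest if t in WEAK_CIPHER_TOKENS]
    if rest and rest[-1] == "MD5":
        findings.append("MD5 MAC (assumption: treated as weak, not from the message)")
    return findings


def insecure_suites(names: list[str]) -> dict[str, list[str]]:
    """Map each suite that has at least one finding to its list of findings."""
    return {n: f for n in names if (f := audit_cipher_suite(n))}


if __name__ == "__main__":
    for suite, reasons in insecure_suites(PAGE_KRB5_SUITES).items():
        print(f"{suite}: {'; '.join(reasons)}")
```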
-----Original Message-----
From: Дилян Палаузов <dpa-kamailio(a)bapha.be>
To: sr-users(a)lists.kamailio.org
Subject: Must openssl_mutex_shared.so be preloaded?
Date: 12/11/2022 12:58:44 PM
Hello,
The documentation on using openssl_mutex_shared.so is contradictory.
https://github.com/kamailio/kamailio/blob/master/src/modules/tls/README#L293 says:
For OpenSSL (libssl) v1.1.x, it is required to preload 'openssl_mutex_shared' library shipped by Kamailio. For more details see 'src/modules/tls/openssl_mutex_shared/README.md'.
https://github.com/kamailio/kamailio/blob/master/src/modules/tls/utils/open… says:
IMPORTANT: the workaround of using this preloaded shared library is no longer needed starting with Kamailio v5.3.0-pre1 (git master branch after September 14, 2019). The code of this shared library has been included in the core of Kamailio and the same behaviour is now achieved by default.
It is unclear if openssl_mutex_shared.so must be preloaded.
In case the library is not needed anymore, it shall not be compiled and installed.
Kind regards
Дилян