> Observation: most of these faults are in `tls_accept()` even before the `SSL
> *` object is shared and used by multiple workers (in the steady state) — this
> is strange as we normally associate OpenSSL “problems” with using `SSL *` in
> multiple processes.
>
> It seems to be related to (1) error handling and/or (2) handshaking with
> asymmetric keys.
>
> If anyone is in a position to try with PSK it would be an interesting data
> point (not sure if kamailio's `tls.so` can be used with PSK though...).
>
> I have reproduced similar crashes with OpenSSL 3.0.x and most of them occur
> in `tls_accept()` in various places with both RSA/ECDSA keys.
>
> For workarounds: you can try `tls_wolfssl` (disclaimer: I am the contributor
> of this module) or `tlsa/OpenSSL 1.1.1`. I don't recommend `tlsa/OpenSSL
> 3.x.x` as I can reproduce such crashes in that scenario. For 5.7.2/3 you
> would have to build these modules yourself.
We are currently facing this issue as well and what I can tell is that it
happens with OpenSSL 1.1.1 too. Not tried tls_wolfssl.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3635#issuecomment-1847123249
_______________________________________________
Kamailio (SER) - Development Mailing List