Hello Kamailio users,

I would like testers to try out a new module tls_wolfssl, an alternate TLS transport based on wolfSSL.

Why another TLS transport implementation?

The travails of using OpenSSL >= 1.1.1 in Kamailio’s multi-process paradigm have been documented by OpenSIPS (and that sister project has implemented tls_wolfssl). Essentially, OpenSSL makes no concessions to the multi-process use case and in fact has implementation details that work against global shared memory structures. As a result Kamailio contains some tricky code:

* a pthread polyfill in core
* duplicated SSL_CTX per worker
* atexit workaround

How to test?

The code is currently in master and can be built in the usual way. Debian has 5.2.0 libwolfssl-dev needed; for some RPM distros (el8, el9, fc36) I have created a Copr repository:
https://copr.fedorainfracloud.org/coprs/beaveryoga/wolfSSL/

Known limitations

The current state can be considered as identical to tls+OpenSSL 1.1.1/3.0.x. Old TLS protocols < 1.2 and cipher list configuration don’t work, i.e., only TLS 1.2 and 1.3 work with the default cipher list.

In your configuration just replace

    loadmodule "tls.so"

with

    loadmodule "tls_wolfssl.so"

The rest of the TLS configuration can remain unchanged unless you are using a funky protocol version/cipher list combination.

Thanks!
S-P
