[OpenSIPS-Devel] [ opensips-Bugs-3581600 ] TLS: "failed to accept: rejected by client"

SourceForge.net noreply at sourceforge.net
Tue Nov 6 14:36:55 CET 2012 

Bugs item #3581600, was opened at 2012-10-29 04:56
Message generated for change (Comment added) made by dragosoancea
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3581600&group_id=232389

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: 1.8.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Dragos Oancea (dragosoancea)
Assigned to: Nobody/Anonymous (nobody)
Summary: TLS:  "failed to accept: rejected by client"

Initial Comment:
Hi

There is a weird behaviour in opensips-tls. It happened to me a 4 or 5 times in the last 3 months.
Sometimes I get a lot of messages like this in the logs:
"ERROR:core:tls_accept: New TLS connection from ip:port failed to accept: rejected by client"
This usually means that some TLS client which is not under my control is hammering on the SSL port, never completing a full SSL/TLS handshake. 
But whithin few minutes after these appear, nothing works on opensips anymore, you send an INVITE and it does not get relay-ed, nothing hapends , it's just stuck. Then I firewall the IP from where the connection requests come from, and everything starts to work fine again.


Regards,
Dragos

PS: Vlad, thx for fixing bug #3570495. It does not crash anymore. 

----------------------------------------------------------------------

>Comment By: Dragos Oancea (dragosoancea)
Date: 2012-11-06 05:36

Message:
Hi 

If I run this against my opensips-1.8.2-tls it will stop relay-ing INIVITEs
after less than 1 minute:

-------
#!/bin/bash 

count=1
while [[ $count -le 1000 ]]
do
    echo "$count"
    echo "giberish" | nc X.X.X.X 5061     
    sleep 1
    (( count++ ))       

done
-------

I have:
open_files_limit=81920
tcp_max_connections=40960

It happens under VMWare with only two registered TLS clients on a test box.


Regards,
Dragos

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3581600&group_id=232389

More information about the Devel mailing list