[OpenSIPS-Users] Valid tls connection closed on a "dos" simulation
Liviu Chircu
liviu at opensips.org
Wed Jun 1 13:18:54 CEST 2016
Hi Saioa,
We have addressed this issue somewhere between OpenSIPS 1.11.6 - 1.11.7,
and 2.1.2 - 2.1.3. Please update to the latest version (possibly even
from GitHub [1], [2]), and let us know if it solved your problem!
[1]: https://github.com/OpenSIPS/opensips/tree/1.11
[2]: https://github.com/OpenSIPS/opensips/tree/2.1
Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com
On 01.06.2016 13:22, Saioa Perurena wrote:
> Hi,
>
> We have an opensips 1.11.6 server with tls and we simulate a dos attack
> sending an invalid request to the tls port every 10 seconds (echo
> "giberish" | nc sip-service.example.com 5061 ).
>
> We have only two UAC connected correctly through tls, when one of this
> clients sends an INVITE request when the dos attack is working, then
> servers close the tls connection of that client with error:
> ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
>
> When client sends MESSAGE or OPTIONS request it does not happen.
>
> If we stop the dos attack all works correctly. We can reproduce it so
> easily, also with Opensips 2.1 version.
>
> Any idea of what is happening?? Maybe it is a bug on tls? Any suggestion
> or idea is welcome.
>
> Thanks in advance.
>
> Saioa.
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list