<div dir="auto"><span style="font-size:16px">Hi </span><span style="font-size:16px">Răzvan,</span><br>
<span style="font-size:16px">Just saw your response.</span>
<br><br><span style="font-size:16px">> </span><span style="font-size:16px">Does it stop to any TLS operation, even for new ones?</span><br>
<span style="font-size:16px">All TLS operations stop, no TLS traffic on Wireshark.</span>
<br><br><span style="font-size:16px">We are using openssl 1.1.1q on Centos 7. </span><br>
<span style="font-size:16px">We wanted to try wolfssl, but we had issues installing it on Centos 7. If it is more stable than openssl, we can give it another shot.</span>
<br><br><span style="font-size:16px">Thanks,</span><br>
<span style="font-size:16px">Matt</span></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 2, 2023, 6:18 AM Răzvan Crainea <<a href="mailto:razvan@opensips.org">razvan@opensips.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello!<br>
<br>
Does it stop to any TLS operation, even for new ones? What TLS lib are <br>
you using, openssl or wolfssl?<br>
Are there any errors in the logs related to TLS?<br>
<br>
Best regards,<br>
<br>
Răzvan Crainea<br>
OpenSIPS Core Developer<br>
<a href="http://www.opensips-solutions.com" rel="noreferrer noreferrer" target="_blank">http://www.opensips-solutions.com</a><br>
<br>
On 12/30/22 16:00, L S wrote:<br>
> One more thing:<br>
> <br>
> log_level=4<br>
> open_files_limit=32768<br>
> <br>
> At the time Opensips stops responding to TLS, it seems like it stops <br>
> writing to log file too even though it continues handling the non-TLS SIP.<br>
> <br>
> Thanks.<br>
> <br>
> On Thu, Dec 29, 2022, 5:51 PM L S <<a href="mailto:efes99999@gmail.com" target="_blank" rel="noreferrer">efes99999@gmail.com</a> <br>
> <mailto:<a href="mailto:efes99999@gmail.com" target="_blank" rel="noreferrer">efes99999@gmail.com</a>>> wrote:<br>
> <br>
> Just wanted to add the traffic between the client and Opensips<br>
> below. It seems Opensips keeps on sending RESET.<br>
> <br>
> We have the tcp_max_connections at default value. That value (2048)<br>
> works fine in 1.11.5.<br>
> <br>
> Thanks.<br>
> <br>
> client opensipsSSL142Client Hello<br>
> client opensipsSSL142[TCP Retransmission] Client Hello<br>
> opensipsclient TCP54sips > 5071 [RST] Seq=1 Win=0 Len=0<br>
> client opensipsSSL142[TCP Retransmission] Client Hello<br>
> opensipsclient TCP54sips > 5064 [RST] Seq=1 Win=0 Len=0<br>
> client opensipsTCP74[TCP Port numbers reused] 5071 > sips [SYN]<br>
> Seq=0 Win=8192 Len=0 MSS=1460 WS=1<br>
> opensipsclient TCP54sips > 5071 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0<br>
> client opensipsTCP74[TCP Port numbers reused] 5064 > sips [SYN]<br>
> Seq=0 Win=8192 Len=0 MSS=1460 WS=1<br>
> opensipsclient TCP54sips > 5064 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0<br>
> client opensipsTCP74[TCP Port numbers reused] 5080 > sips [SYN]<br>
> Seq=0 Win=8192 Len=0 MSS=1460 WS=1<br>
> <br>
> On Thu, Dec 29, 2022, 9:27 AM L S <<a href="mailto:efes99999@gmail.com" target="_blank" rel="noreferrer">efes99999@gmail.com</a><br>
> <mailto:<a href="mailto:efes99999@gmail.com" target="_blank" rel="noreferrer">efes99999@gmail.com</a>>> wrote:<br>
> <br>
> Hi,<br>
> <br>
> We are in the process of migrating from 1.11.5 tls to 3.2.9, and<br>
> we are running into an issue with TLS.<br>
> <br>
> Opensips stops handling TLS within a few minutes after it is<br>
> started; e.g. stops responding to Client Hellos. There is no<br>
> more outgoing TLS traffic from the Opensips server. When we<br>
> restart Opensips, it goes back to normal for a while, then stops<br>
> responding to TLS requests again.<br>
> <br>
> I don't see any errors in logs.<br>
> The server runs Centos 7, openssl 1.1.1q.<br>
> <br>
> 1.11.5 works fine.<br>
> <br>
> Can this be a memory issue? We use S_memory 512 and P_memory 8.<br>
> Opensips 1.11.5 works fine with the same settings. TCP<br>
> parameters have their default values.<br>
> <br>
> How can we debug this? Any suggestions would be appreciated.<br>
> <br>
> Thanks,<br>
> Matt<br>
> <br>
> <br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a><br>
> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank" rel="noreferrer">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer noreferrer" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote></div>