CRLF support over TLS

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

CRLF support over TLS

Vitalii Aleksandrov

Hi,

One of my SIP endpoints send CRLF (0x0d 0x0a) messages over TLS connections to opensips. Opensips drops TLS a connection to this phone after "tcp_max_msg_time" seconds. The same client works fine over TCP and CRLF messages are just ignored by a proxy.

rfc3261 section 7.5 says:

Implementations processing SIP messages over stream-oriented
   transports MUST ignore any CRLF appearing before the start-line
Is it a bug or did I missed some configuration options to make it work?


_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: CRLF support over TLS

Răzvan Crainea-2
Hi, Vitalii!

Did you try to tune your tls_crlf_* parameters?
https://opensips.org/html/docs/modules/2.4.x/proto_tls.html#param_tls_crlf_drop

Best regards,
Răzvan

On 3/22/19 8:16 PM, Vitalii Aleksandrov wrote:

> Hi,
>
> One of my SIP endpoints send CRLF (0x0d 0x0a) messages over TLS
> connections to opensips. Opensips drops TLS a connection to this phone
> after "tcp_max_msg_time" seconds. The same client works fine over TCP
> and CRLF messages are just ignored by a proxy.
>
> rfc3261 section 7.5 says:
>
>> Implementations processing SIP messages over stream-oriented
>>     transports MUST ignore any CRLF appearing before the start-line
> Is it a bug or did I missed some configuration options to make it work?
>
>
> _______________________________________________
> Users mailing list
> [hidden email]
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>

--
Răzvan Crainea
OpenSIPS Core Developer
   http://www.opensips-solutions.com
Meet the OpenSIPS team at the next OpenSIPS Summit:
   https://www.opensips.org/events

_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|

Re: CRLF support over TLS

Vitalii Aleksandrov
Thanks a lot. It helped! I was searching for a global para and
completely forgot about proto_tls module.

> Hi, Vitalii!
>
> Did you try to tune your tls_crlf_* parameters?
> https://opensips.org/html/docs/modules/2.4.x/proto_tls.html#param_tls_crlf_drop 
>
>
> Best regards,
> Răzvan



_______________________________________________
Users mailing list
[hidden email]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users