[Users] cancelling forked requests + forcing TLS use
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Mar 12 11:28:08 CET 2007
Bogdan-Andrei Iancu wrote:
>> 2. When I have
>> tls_verify_client = 1
>> tls_require_client_certificate = 1
>>
>> in my cfg file, ser still accepts tcp and udp connections, despite
>> tls_require_client_certificate=1. I did a search, and found this way:
>>
>> if (proto != TLS) {
>> sl_send_reply("403", "Forbidden");
>> exit;
>> };
>>
>> However SER is really still listening on UDP and TCP port 5060. Is
>> there a way to configure SER such that it only listens and
>> acknowledges TLS connections?
>
> do:
> disable_tcp = yes
> to get rid of TCP
>
> for UDP is not so simple as RFC make mandatory for a proxy to use UDP.
> So, you have to do it from script.
or just configure iptables ( or antother firewall) to drop packets to
port 5060 UDP and TCP.
regards
klaus
--
Klaus Darilion
nic.at
More information about the Users
mailing list