[OpenSIPS-Users] Valid tls connection closed on a "dos" simulation

Saioa Perurena saioa.perurena at enigmedia.es
Wed Jun 1 12:22:30 CEST 2016


We have an opensips 1.11.6 server with tls and we simulate a dos attack
sending an invalid request to the tls port every 10 seconds (echo
"giberish" | nc sip-service.example.com 5061 ).

We have only two UAC connected correctly through tls, when one of this
clients sends an INVITE request when the dos attack is working, then
servers close the tls connection of that client with error:
ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

When client sends MESSAGE or OPTIONS request it does not happen.

If we stop the dos attack all works correctly. We can reproduce it so
easily, also with Opensips 2.1 version.

Any idea of what is happening?? Maybe it is a bug on tls? Any suggestion
or idea is welcome.

Thanks in advance.


More information about the Users mailing list