[OpenSIPS-Users] Valid tls connection closed on a "dos" simulation

Saioa Perurena saioa.perurena at enigmedia.es
Wed Jun 1 15:06:24 CEST 2016


Hi,
I've tried Opensips 2.1.3 and it seems that the problem is solved.

Thank you very much.

On 01/06/16 13:18, Liviu Chircu wrote:
> Hi Saioa,
> 
> We have addressed this issue somewhere between OpenSIPS 1.11.6 - 1.11.7,
> and 2.1.2 - 2.1.3. Please update to the latest version (possibly even
> from GitHub [1], [2]), and let us know if it solved your problem!
> 
> [1]: https://github.com/OpenSIPS/opensips/tree/1.11
> [2]: https://github.com/OpenSIPS/opensips/tree/2.1
> 
> Liviu Chircu
> OpenSIPS Developer
> http://www.opensips-solutions.com
> 
> On 01.06.2016 13:22, Saioa Perurena wrote:
>> Hi,
>>
>> We have an opensips 1.11.6 server with tls and we simulate a dos attack
>> sending an invalid request to the tls port every 10 seconds (echo
>> "giberish" | nc sip-service.example.com 5061 ).
>>
>> We have only two UAC connected correctly through tls, when one of this
>> clients sends an INVITE request when the dos attack is working, then
>> servers close the tls connection of that client with error:
>> ERROR:proto_tls:tls_print_errstack: TLS errstack: error:1408F10B:SSL
>> routines:SSL3_GET_RECORD:wrong version number
>>
>> When client sends MESSAGE or OPTIONS request it does not happen.
>>
>> If we stop the dos attack all works correctly. We can reproduce it so
>> easily, also with Opensips 2.1 version.
>>
>> Any idea of what is happening?? Maybe it is a bug on tls? Any suggestion
>> or idea is welcome.
>>
>> Thanks in advance.
>>
>> Saioa.
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users



More information about the Users mailing list