[OpenSIPS-Users] Frequent TLS failures
Abisai Matangira
matangiraa at afri-com.net
Thu Jan 25 17:00:57 EST 2018
Sent from Nine<http://www.9folders.com/>
________________________________
From: Daniel Lakeland <dlakelan at street-artists.org>
Sent: Thursday, 25 January 2018 6:59 pm
To: OpenSIPS users mailling list
Subject: [OpenSIPS-Users] Frequent TLS failures
I have set up monit to monitor TLS connectivity for my opensips
instance. It just connects via openssl s_client and greps for errors, it
reboots openssl if it has errors more than a few times in a row.
I get errors as follows about 3 to 5 times a day:
Description: status failed (1) -- 140444316333312:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:../crypto/rsa/rsa_pk1.c:67:
140444316333312:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:586:
140444316333312:error:1416D07B:SSL routines:tls_process_key_exchange:bad signature:../ssl/statem/statem_clnt.c:1721:
rebooting opensips makes them go away for several hours. For example monit rebooted opensips at 2:37 AM, 4:55 AM, and 6:48 AM so far this morning (it's about 8:55 am where I am now).
This seems suspicious, and btw several other processes use the same certs with no problems day in and day out (prosody jabber server for example, probably some others).
I suspect some memory gets corrupted in opensips and this causes it to fail to work.
Opensips is version 2.3.2-1 installed from the opensips apt repository on a mixed Debian system, openssl and libssl = 1.1.0g
Any thoughts?
_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180125/52657bb0/attachment.html>
More information about the Users
mailing list