2

I'm setting up a TLS connection for the purposes of sending secure SIP. The remote gateway (Twilio) doesn't always send a finish message and as such those requests fail. Everything else appears to match between successful and failing messages.

My question is whether I can safely say that this issue is definitely with the remote provider, rather than something that can be fixed on the client side.

Working:

working

Failing:

failing

Is this perhaps a typical scenario which I am not familiar with, perhaps an attempt to re-use an old session or similar? Any advice would be very much appreciated, i'm really looking for confirmation that I'm reading this correctly.

Thanks for taking a look!

puppyFlo
  • 201
  • 1
  • 5

1 Answers1

1

Although I am still interested in any additional information the community can provide I am happy to report that the issue has been mitigated through a client modification.

I'm using OpenSIPs 2.3 which provides TLS via a module tls_mgm. This module has a setting for handshake timeout which defaults to 30 although I am running with 60. The docs state that this value is in seconds however the developers have confirmed that in fact the value is in milliseconds.

Increasing this timeout to 500ms has stopped these issues. My use of a high strength cipher is likely responsible for the upstream device incurring a delay when calculating its handshake key so its reasonable for us to run at this value - you can't put a price on security!

puppyFlo
  • 201
  • 1
  • 5