Hello,

Isn't what can be achieved with the following enough?

listen=tcp:x.y.z.w:5060 advertise tls:a.b.c.d:5061

Cheers,
Daniel

On 28.06.25 03:48, Richard Chan via sr-dev wrote:
> Ideas for developer meeting 2b: Teach TCP sockets that they are TLS
> proxies
>
> Background:
>
> This is a follow-on for Proposal 2 - it is for ease of use of TLS offloading
> to external proxies.
>
> When using external TLS/TCP bridges users encounter a mismatch when
> the URI/socket matcher cannot find a matching TLS socket. Users
> can work around this by forcing t_relay_to but it is not a natural
> map.
>
> Some dancing with record-route headers is usually necessary.
>
> Proposal 2b
> This proposal is to have a marker in config file on TCP listeners that
> they are in fact proxied TLS connections. So the look-and-feel
> should be TLS except that they skip mod_tls processing.
>
> When the config searches for matching socket this type of TLS-proxy
> will be found.
>
> Benefits:
>
> - can sidestep more exotic mod_tls problems with OpenSSL; user just
>   offloads to HAProxy et al
> - seamless config: these proxied sockets have enough metadata to
>   look like TLS sockets for URIs, record-route etc. handling
>
> Richard (Shih-Ping)
>
>
> _______________________________________________
> Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org
> To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the 
> sender!

-- 
Daniel-Constantin Mierla (@ asipto.com)
twitter.com/miconda -- linkedin.com/in/miconda
Kamailio Consultancy, Training and Development Services -- asipto.com