Hello, isn't enough what can be achieved with:
listen=tcp:x.y.z.w:5060 advertise tls:a.b.c.d:5061 Cheers, Daniel On 28.06.25 03:48, Richard Chan via sr-dev wrote: > Ideas for developer meeting 2b: Teach TCP sockets that they are TLS > proxies > > Background: > > This is a follow-on for Proposal 2 - it is for each of use TLS offloading > to external proxies. > > When using external TLS/TCP bridges users encounter a mismatch when > the URI/socket matcher cannnot find a matching TLS socket. Users > can work around this by forcing t_relay_to but it is not a natural > map. > > Some dancing with record-route headers is usually necessary > > Proposal 2b > This proposal is to have a marker in config file on TCP listeners that > they are in fact proxy'd TLS connections. So the look-and-feel > should be TLS except that they skip mod_tls processing. > > When the config searches for matching socket this type of TLS-proxy > will be found. > > Benefits: > > - can sidestep more exotic mod_tls problems with OpenSSL; user just > offloads to HAProxy et al > - seamless config: these proxy'ied sockets have enough metadata that > look like TLS socket for URIs, record-route etc handling > > Richard (Shih-Ping) > > > _______________________________________________ > Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org > To unsubscribe send an email to sr-dev-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to the > sender! -- Daniel-Constantin Mierla (@ asipto.com) twitter.com/miconda -- linkedin.com/in/miconda Kamailio Consultancy, Training and Development Services -- asipto.com
_______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!