Hello Richard, it is probably not fully related, but are you aware of the haproxy protocol support inside of Kamailio core? This was added to facilitate this offloading functionality. I personally did not used it so far, so I cannot give details how good it works.
Cheers, Henning From: Richard Chan via sr-dev <sr-dev@lists.kamailio.org> Sent: Saturday, June 28, 2025 3:49 AM To: Kamailio (SER) - Development Mailing List <sr-dev@lists.kamailio.org> Cc: Richard Chan <shihping.c...@gmail.com> Subject: [sr-dev] Ideas for developer meeting 2b: Teach TCP sockets that they are TLS proxies Ideas for developer meeting 2b: Teach TCP sockets that they are TLS proxies Background: This is a follow-on for Proposal 2 - it is for each of use TLS offloading to external proxies. When using external TLS/TCP bridges users encounter a mismatch when the URI/socket matcher cannnot find a matching TLS socket. Users can work around this by forcing t_relay_to but it is not a natural map. Some dancing with record-route headers is usually necessary Proposal 2b This proposal is to have a marker in config file on TCP listeners that they are in fact proxy'd TLS connections. So the look-and-feel should be TLS except that they skip mod_tls processing. When the config searches for matching socket this type of TLS-proxy will be found. Benefits: - can sidestep more exotic mod_tls problems with OpenSSL; user just offloads to HAProxy et al - seamless config: these proxy'ied sockets have enough metadata that look like TLS socket for URIs, record-route etc handling Richard (Shih-Ping)
_______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
