I also see a lot of those errors in my log files but I attributed them to simple connection issues with mobile clients instead of anything specific to TLS.

My reasoning is that if a mobile UAC changes networks, moves out of range, etc, then TCP connections to that previous IP:port combo will fail, leading to the error messages in the logs. This shouldn't really affect performance much since the UAC will re-register soon enough with its new network info.

After reading Daniel's response, I started to wonder if maybe my assumptions are wrong.
However, I don't think any of Daniel's scenarios apply in my case.

>>- requiring a tls method not supported (tlsv1, ...)
In my network this is not the case. Clients and kamailio support TLS 1.0

>>- not having a common cypher
Hmmm, if both client and kamailio use the same version of openSSL, and both are configured to use TLS 1.0, this should not happen.

>>- requiring certificate, but the other party not providing one
Nope. I don't use client certificates in my setup

>>- requiring a valid certificate, but the validation fails
I'm using a valid certificate issued and signed by StartCom, so this should not be an issue either. But I have heard anecdotal evidence that StartCom's certificates sometimes don't play well with Kamailio. Has anyone heard of issues like these?


Peter


On Tue, Oct 7, 2014 at 9:01 AM, Daniel-Constantin Mierla <miconda@gmail.com> wrote:
Hello,

the errors can be because of various reasons such as:
- requiring a tls method not supported (tlsv1, ...)
- not having a common cypher
- requiring certificate, but the other party not providing one
- requiring a valid certificate, but the validation fails

Try to run with debug=3 and see if you can spot further hints from the debug messages.

Cheers,
Daniel


On 06/10/14 10:44, Petr.Wozniak@seznam.cz wrote:

Hello All,


I  have installed kamailio with TLS module together with siremis on server and all seems works fine  except that sometimes appear in syslog file the following errors:


/usr/sbin/kamailio[3266]: ERROR: <core> [tcp_read.c:289]: tcp_read_data(): error reading: Connection timed out (110)

/usr/sbin/kamailio[3266]: ERROR: <core> [tcp_read.c:1281]: tcp_read_req(): ERROR: tcp_read_req: error reading

/usr/sbin/kamailio[3268]: ERROR: <core> [tcp_read.c:289]: tcp_read_data(): error reading: Connection reset by peer (104)


Some part of syslog please you find enclosed.


I don't know where I should search for the cause of these errors and how to debug and remove them. I don't know if these errors are caused by incorrect kamailio configuration or are caused on client's side.


Thank you for your opinions and  help in advance


Regards,


Petr



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


-- 
Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users