Ok, culprit found
modparam("tls", "connection_timeout", 600) (default)
which in a case of default registration time (1h) and no OPTIONS (like, why, it's TCP socket) will cause connection drop.
Le ven. 16 mai 2025 à 11:31, Ihor Olkhovskyi igorolhovskiy@gmail.com a écrit :
Hello,
I'm having a strange issue, when Kamailio(?) is closing TLS connection just in the middle of session. Usually I see a sort of timeout ~ 600 secs. But it does not ring a bell for me.
With strace I've found, that it's actually not Kamailio, but underlying SSL library is doing this, according to line I've got from strace
[2025-05-16 10:00:30] PID=1337952 FD=0 SYSCALL=close -> [No socket info] Raw: sendto(3, "<183>May 16 10:00:30 /usr/local/sbin/kamailio[1337952]: DEBUG: tls [tls_server.c:712]: tls_h_tcpconn_close_f(): Closing SSL connection 0x7f01a1ab1870\n", 150, MSG_NOSIGNAL, NULL, 0) = 150
As I don't see any explicit calls of tls_h_tcpconn_close_f in the source code, I assume it's a callback from the external OpenSSL(?) module.
What would be the best way to debug why OpenSSL(?) is terminating connection, cause on Wireshark I just do see usual TCP connection with keepalives
[image: image.png]
kamailio -v version: kamailio 5.8.3 (x86_64/linux) 6f8a04 flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.
openssl --version OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)
enable_tls=yes
enable_sctp=no
tls_threads_mode=2 tcp_accept_no_cl=yes tcp_max_connections=63536 tls_max_connections=63536 tcp_accept_aliases=no tcp_async=yes tcp_connect_timeout=30 tcp_conn_wq_max=63536 tcp_crlf_ping=yes tcp_delayed_ack=yes tcp_fd_cache=yes tcp_keepalive=yes tcp_keepcnt=5 tcp_keepidle=30 tcp_keepintvl=10 tcp_linger2=30 tcp_script_mode=1 tcp_rd_buf_size=80000 tcp_send_timeout=10 tcp_wq_blk_size=2100 tcp_wq_max=10485760 open_files_limit=63536
Many thanks in advance!
Best regards, Ihor (Igor)
