Ok, culprit found

modparam("tls", "connection_timeout", 600) (default)

which in a case of default registration time (1h) and no OPTIONS (like, why, it's TCP socket) will cause connection drop.

Le ven. 16 mai 2025 à 11:31, Ihor Olkhovskyi <igorolhovskiy@gmail.com> a écrit :
Hello,

I'm having a strange issue, when Kamailio(?) is closing TLS connection just in the middle of session. Usually I see a sort of timeout ~ 600 secs. But it does not ring a bell for me.

With strace I've found, that it's actually not Kamailio, but underlying SSL library is doing this, according to line I've got from strace

[2025-05-16 10:00:30] PID=1337952 FD=0 SYSCALL=close -> [No socket info] Raw: sendto(3, "<183>May 16 10:00:30 /usr/local/sbin/kamailio[1337952]: DEBUG: tls [tls_server.c:712]: tls_h_tcpconn_close_f(): Closing SSL connection 0x7f01a1ab1870\n", 150, MSG_NOSIGNAL, NULL, 0) = 150

As I don't see any explicit calls of tls_h_tcpconn_close_f in the source code, I assume it's a callback from the external OpenSSL(?) module.

What would be the best way to debug why OpenSSL(?) is terminating connection, cause on Wireshark I just do see usual TCP connection with keepalives

image.png

kamailio -v
version: kamailio 5.8.3 (x86_64/linux) 6f8a04
flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
ADAPTIVE_WAIT_LOOPS 1024, MAX_RECV_BUFFER_SIZE 262144, MAX_SEND_BUFFER_SIZE 262144, MAX_URI_SIZE 1024, BUF_SIZE 65535, DEFAULT PKG_SIZE 8MB
poll method support: poll, epoll_lt, epoll_et, sigio_rt, select.

openssl --version
OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)

enable_tls=yes

enable_sctp=no

tls_threads_mode=2
tcp_accept_no_cl=yes
tcp_max_connections=63536
tls_max_connections=63536
tcp_accept_aliases=no
tcp_async=yes
tcp_connect_timeout=30
tcp_conn_wq_max=63536
tcp_crlf_ping=yes
tcp_delayed_ack=yes
tcp_fd_cache=yes
tcp_keepalive=yes
tcp_keepcnt=5
tcp_keepidle=30
tcp_keepintvl=10
tcp_linger2=30
tcp_script_mode=1
tcp_rd_buf_size=80000
tcp_send_timeout=10
tcp_wq_blk_size=2100
tcp_wq_max=10485760
open_files_limit=63536


Many thanks in advance!
--
Best regards,
Ihor (Igor)


--
Best regards,
Ihor (Igor)