<div dir="ltr">I also see a lot of those errors in my log files but I attributed them to simple connection issues with mobile clients instead of anything specific to TLS.<div><br></div><div>My reasoning is that if a mobile UAC changes networks, moves out of range, etc, then TCP connections to that previous IP:port combo will fail, leading to the error messages in the logs. This shouldn't really affect performance much since the UAC will re-register soon enough with its new network info.</div><div><br></div><div>After reading Daniel's response, I started to wonder if maybe my assumptions are wrong.</div><div>However, I don't think any of Daniel's scenarios apply in my case.</div><div><br></div><div><span style="font-family:arial,sans-serif;font-size:13px">>>- requiring a tls method not supported (tlsv1, ...)</span></div><div>In my network this is not the case. Clients and kamailio support TLS 1.0</div><div><br style="font-family:arial,sans-serif;font-size:13px"><span style="font-family:arial,sans-serif;font-size:13px">>>- not having a common cypher</span></div><div>Hmmm, if both client and kamailio use the same version of openSSL, and both are configured to use TLS 1.0, this should not happen.<br></div><div><br><span style="font-family:arial,sans-serif;font-size:13px">>>- requiring certificate, but the other party not providing one</span></div><div>Nope. I don't use client certificates in my setup</div><div><br><span style="font-family:arial,sans-serif;font-size:13px">>>- requiring a valid certificate, but the validation fails</span><br></div><div><span style="font-family:arial,sans-serif;font-size:13px">I'm using a valid certificate issued and signed by StartCom, so this should not be an issue either. But I have heard anecdotal evidence that StartCom's certificates sometimes don't play well with Kamailio. Has anyone heard of issues like these?</span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><font face="arial, sans-serif">Peter</font></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 7, 2014 at 9:01 AM, Daniel-Constantin Mierla <span dir="ltr"><<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
the errors can be because of various reasons such as:<br>
- requiring a tls method not supported (tlsv1, ...)<br>
- not having a common cypher<br>
- requiring certificate, but the other party not providing one<br>
- requiring a valid certificate, but the validation fails<br>
<br>
Try to run with debug=3 and see if you can spot further hints from
the debug messages.<br>
<br>
Cheers,<br>
Daniel<div><div class="h5"><br>
<br>
<div>On 06/10/14 10:44,
<a href="mailto:Petr.Wozniak@seznam.cz" target="_blank">Petr.Wozniak@seznam.cz</a> wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<p>Hello All,</p>
<p><br>
</p>
<p>I have installed kamailio with TLS module together with
siremis on server and all seems works fine except that
sometimes appear in syslog file the following errors:</p>
<p><br>
</p>
<p>/usr/sbin/kamailio[3266]: ERROR: <core> [tcp_read.c:289]:
tcp_read_data(): error reading: Connection timed out (110)</p>
<p>/usr/sbin/kamailio[3266]: ERROR: <core>
[tcp_read.c:1281]: tcp_read_req(): ERROR: tcp_read_req: error
reading </p>
<p>/usr/sbin/kamailio[3268]: ERROR: <core> [tcp_read.c:289]:
tcp_read_data(): error reading: Connection reset by peer (104)</p>
<p><br>
</p>
<p>Some part of syslog please you find enclosed.</p>
<p><br>
</p>
<p>I don't know where I should search for the cause of these
errors and how to debug and remove them. I don't know if these
errors are caused by incorrect kamailio configuration or are
caused on client's side.</p>
<p><br>
</p>
<p>Thank you for your opinions and help in advance</p>
<p><br>
</p>
<p>Regards,</p>
<p><br>
</p>
<p>Petr<br>
</p>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Daniel-Constantin Mierla
<a href="http://twitter.com/#!/miconda" target="_blank">http://twitter.com/#!/miconda</a> - <a href="http://www.linkedin.com/in/miconda" target="_blank">http://www.linkedin.com/in/miconda</a></pre>
</font></span></div>
<br>_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br></blockquote></div><br></div>