I have noticed the following issue which began with builds somewhere between git master commits bff0a08 and 6173ef7. I did not see this issue with my previous builds and haven't been able to pin down the problem, which is why I haven't formally filed a bug.
Any help or guidance is appreciated, because this has crippled my use of Kamailio. Only a restart enables it to work again until the issue recurs.
ERROR: tls [tls_server.c:189]: tls_complete_init(): tls: ssl bug #1491 workaround: not enough memory for safe operation: 8870536
ERROR: <core> [tcp_read.c:1303]: tcp_read_req(): ERROR: tcp_read_req: error reading
I currently build against and run openssl-1.0.1k-12.fc22.x86_64.
I have a very small operation, and the only change on the operational side is that all 5 of my mobile UACs (yes, that's all) have switched from CSipSimple/Android to Zoiper/Android, which doesn't yet have support for client-side certificates, so verify_certificate and require_certificate are off for both the server and client config.
The server is started with: /usr/sbin/kamailio -P /run/kamailio/kamailio.pid -m 64 -M 8
I have tried modifying the shared mem to 128 but the issue still occurs.
Even right now, I am seeing the error when only one UAC has established a TLS connection:
# kamcmd tls.list
{
    id: 572
    timeout: 3475
    src_ip: 10.77.79.156
    src_port: 58688
    dst_ip: 10.77.79.3
    dst_port: 5061
    cipher: ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
    ct_wq_size: 0
    enc_rd_buf: 0
    flags: 2
    state: established
}
# kamailio.cfg
enable_tls=yes
loadmodule "tls.so"
modparam("tls", "connection_timeout", 60)
#modparam("tls", "tls_log", 1)
#modparam("tls", "tls_debug", 1)
#modparam("tls", "low_mem_threshold1", -1)
#modparam("tls", "low_mem_threshold2", 0)
modparam("tls", "session_cache", 1)
# tls.cfg
[server:default]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/example.org.key.pem
certificate = /etc/kamailio/example.org.crt.pem
server_name = example.org
cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
[client:default]
method = TLSv1+
verify_certificate = no
require_certificate = no
private_key = /etc/kamailio/example.org.key.pem
certificate = /etc/kamailio/example.org.crt.pem
cipher_list = ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:RC4-SHA:AES256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK
Thanks. -Anthony