[asterisk-bugs] [Asterisk 0014582]: Getting SSL cipher error with Asterisk-1.6.1-rc1 version

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Mar 2 08:43:57 CST 2009 

The following issue requires your FEEDBACK. 
====================================================================== 
http://bugs.digium.com/view.php?id=14582 
====================================================================== 
Reported By:                TheOldSaint
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14582
Category:                   Channels/chan_sip/TLS
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     feedback
Asterisk Version:           1.6.1-rc1 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-03-02 03:22 CST
Last Modified:              2009-03-02 08:43 CST
====================================================================== 
Summary:                    Getting SSL cipher error with Asterisk-1.6.1-rc1
version
Description: 
Hi,

I tried to set “tlscipher” property in the sip.conf file with the
below mentioned ciphers separately and got the below exceptions.

TLS_RSA_WITH_3DES_EDE_CBC_SHA ==> SSL cipher error
<TLS_RSA_WITH_3DES_EDE_CBC_SHA>
TLS_RSA_WITH_AE_128_CBC_SHA ==> SSL cipher error
<TLS_RSA_WITH_AE_128_CBC_SHA>

Does Asterisk don’t support these two ciphers? Could anyone please help
me in resolving this issue.

====================================================================== 

---------------------------------------------------------------------- 
 (0100989) file (administrator) - 2009-03-02 08:43
 http://bugs.digium.com/view.php?id=14582#c100989 
---------------------------------------------------------------------- 
This seems to be a configuration issue. You need to be using the OpenSSL
equivalent. These can be found at
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

TLS_RSA_WITH_3DES_EDE_CBC_SHA should be configured as DES-CBC-SHA
TLS_RSA_WITH_AE_128_CBC_SHA should be configured as AES128-SHA

Please give this a go and report back. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-03-02 08:43 file           Note Added: 0100989                          
2009-03-02 08:43 file           Status                   new => feedback     
======================================================================

More information about the asterisk-bugs mailing list