[asterisk-bugs] [JIRA] (ASTERISK-28444) chan_pjsip: Peer IP for SSL handshake errors not logged

Friendly Automation (JIRA) noreply at issues.asterisk.org
Mon Jul 1 10:08:48 CDT 2019


    [ https://issues.asterisk.org/jira/browse/ASTERISK-28444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=247505#comment-247505 ] 

Friendly Automation commented on ASTERISK-28444:
------------------------------------------------

Change 11497 merged by Friendly Automation:
pjproject_bundled:  Add peer information to most SSL/TLS errors

[https://gerrit.asterisk.org/c/asterisk/+/11497|https://gerrit.asterisk.org/c/asterisk/+/11497]

> chan_pjsip: Peer IP for SSL handshake errors not logged
> -------------------------------------------------------
>
>                 Key: ASTERISK-28444
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28444
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 16.2.1
>         Environment: Debian Buster
>            Reporter: Bernhard Schmidt
>            Assignee: George Joseph
>            Severity: Minor
>              Labels: pjsip
>
> When there is a SSL handshake error pjproject logs the reason through the Asterisk console/log, i.e. 
> {code}
>  [2019-05-18 23:59:52] WARNING[21669] pjproject:                            SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337260938> <SSL routines-tls_process_ske_dhe-dh key too small> len: 0
> {code}
> However, this does not include any indication for the peer that caused this issue (i.e. remote IP).
> With the upcoming changes in newer OpenSSL versions (deprecation of small DH keys, deprecation of TLS < 1.2, deprecation of ciphers) these errors frequently scroll by without a decent way to pinpoint them to a specific peer.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list