[asterisk-bugs] [JIRA] (ASTERISK-28444) chan_pjsip: Peer IP for SSL handshake errors not logged
Friendly Automation (JIRA)
noreply at issues.asterisk.org
Mon Jul 1 10:08:48 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=247505#comment-247505 ]
Friendly Automation commented on ASTERISK-28444:
------------------------------------------------
Change 11497 merged by Friendly Automation:
pjproject_bundled: Add peer information to most SSL/TLS errors
[https://gerrit.asterisk.org/c/asterisk/+/11497|https://gerrit.asterisk.org/c/asterisk/+/11497]
> chan_pjsip: Peer IP for SSL handshake errors not logged
> -------------------------------------------------------
>
> Key: ASTERISK-28444
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28444
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_pjsip
> Affects Versions: 16.2.1
> Environment: Debian Buster
> Reporter: Bernhard Schmidt
> Assignee: George Joseph
> Severity: Minor
> Labels: pjsip
>
> When there is a SSL handshake error pjproject logs the reason through the Asterisk console/log, i.e.
> {code}
> [2019-05-18 23:59:52] WARNING[21669] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337260938> <SSL routines-tls_process_ske_dhe-dh key too small> len: 0
> {code}
> However, this does not include any indication for the peer that caused this issue (i.e. remote IP).
> With the upcoming changes in newer OpenSSL versions (deprecation of small DH keys, deprecation of TLS < 1.2, deprecation of ciphers) these errors frequently scroll by without a decent way to pinpoint them to a specific peer.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list