[asterisk-bugs] [JIRA] (ASTERISK-28444) chan_pjsip: Peer IP for SSL handshake errors not logged

Asterisk Team (JIRA) noreply at issues.asterisk.org
Thu Jul 18 06:22:48 CDT 2019


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28444?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-28444:
-------------------------------------

    Target Release Version/s: 13.28.0

> chan_pjsip: Peer IP for SSL handshake errors not logged
> -------------------------------------------------------
>
>                 Key: ASTERISK-28444
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28444
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_pjsip
>    Affects Versions: 16.2.1
>         Environment: Debian Buster
>            Reporter: Bernhard Schmidt
>            Assignee: George Joseph
>            Severity: Minor
>              Labels: pjsip
>      Target Release: 13.28.0
>
>
> When there is a SSL handshake error pjproject logs the reason through the Asterisk console/log, i.e. 
> {code}
>  [2019-05-18 23:59:52] WARNING[21669] pjproject:                            SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337260938> <SSL routines-tls_process_ske_dhe-dh key too small> len: 0
> {code}
> However, this does not include any indication for the peer that caused this issue (i.e. remote IP).
> With the upcoming changes in newer OpenSSL versions (deprecation of small DH keys, deprecation of TLS < 1.2, deprecation of ciphers) these errors frequently scroll by without a decent way to pinpoint them to a specific peer.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list