[asterisk-bugs] [JIRA] (ASTERISK-29017) pjsip enforces TLSv1.3 in default configuration

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Mon Aug 3 05:06:43 CDT 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-29017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua C. Colp updated ASTERISK-29017:
--------------------------------------

    Severity: Major  (was: Minor)

> pjsip enforces TLSv1.3 in default configuration
> -----------------------------------------------
>
>                 Key: ASTERISK-29017
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29017
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 16.10.0, 16.12.0
>         Environment: Debian Unstable (sid)
>            Reporter: Bernhard Schmidt
>
> Originally reported to Debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966636 . 
> After upgrading from Asterisk 16.2.1 to Asterisk 16.10.0, the pjsip TLS listener only accepts TLSv1.3 connections in the default configuration (method= not set or set to "default").
> {noformat}
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0
> cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> priv_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> ;cipher=ADH-AES256-SHA,ADH-AES128-SHA
> ;method=tlsv1
> {noformat}
> {noformat}
> [Jul 31 21:48:23] WARNING[4288] pjproject:                         SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337678594> <SSL routines-tls_early_post_process_client_hello-unsupported protocol> len: 0 peer: 127.0.0.1:49478 }}}
> {noformat}
> Workaround is setting
> {noformat}
> method=tlsv1_2
> {noformat}
> which appears to accept both TLSv1.2 and TLSv1.3 connections.
> I have quickly spun up a test package with Asterisk 16.12.0, which shows the same symptoms.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
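
Added example, not part of the original report and not Asterisk or pjproject code: a log check that decodes the numeric `err:` value from pjproject handshake warnings like the one quoted above and counts, per peer, the connections refused for protocol version. It assumes the OpenSSL 1.1.x error-code packing; the function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: the server is linked against OpenSSL 1.1.x, which packs an error
# as (lib << 24) | (func << 12) | reason. OpenSSL 3.x uses another layout.
ERR_LIB_SSL = 20                  # ERR_LIB_SSL in openssl/err.h
SSL_R_UNSUPPORTED_PROTOCOL = 258  # reason code in openssl/sslerr.h

LINE_RE = re.compile(
    r"SSL_ERROR_SSL \(Handshake\): .*?err: <(?P<code>\d+)> "
    r"<(?P<text>[^>]*)> .*?peer: (?P<peer>\S+):(?P<port>\d+)"
)

def decode_err(code):
    """Split a packed OpenSSL 1.1.x error code into its three fields."""
    return {"lib": (code >> 24) & 0xFF,
            "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF}

def parse_line(line):
    """Return the decoded handshake failure, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = decode_err(int(m.group("code")))
    rec.update(peer=m.group("peer"), text=m.group("text"))
    # True when no protocol version offered by the peer was acceptable.
    rec["version_rejected"] = (rec["lib"] == ERR_LIB_SSL
                               and rec["reason"] == SSL_R_UNSUPPORTED_PROTOCOL)
    return rec

def rejected_peers(lines):
    """Count protocol-version rejections per peer address."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["version_rejected"]:
            hits[rec["peer"]] += 1
    return hits

PREFIX = "[Jul 31 21:48:23] WARNING[4288] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: "
SAMPLE_LOG = [
    # Line quoted in the report (whitespace collapsed).
    PREFIX + "<337678594> <SSL routines-tls_early_post_process_client_hello-unsupported protocol> len: 0 peer: 127.0.0.1:49478",
    # Constructed lines: same failure from another peer, then a different reason (193).
    PREFIX + "<337678594> <SSL routines-tls_early_post_process_client_hello-unsupported protocol> len: 0 peer: 192.0.2.10:50112",
    PREFIX + "<335544513> <SSL routines--no shared cipher> len: 0 peer: 192.0.2.11:50200",
    "[Jul 31 21:48:25] NOTICE[4288] constructed unrelated line",
]

if __name__ == "__main__":
    for peer, count in rejected_peers(SAMPLE_LOG).items():
        print(f"{peer}: {count} handshake(s) rejected for protocol version")
```

Running this over the log after an upgrade shows which endpoints the changed default locked out; after setting the `method=` workaround, the same peers should stop appearing.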


