[asterisk-bugs] [JIRA] (ASTERISK-29017) pjsip enforces TLSv1.3 in default configuration
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Fri Jul 31 16:56:43 CDT 2020
[ https://issues.asterisk.org/jira/browse/ASTERISK-29017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=251582#comment-251582 ]
Asterisk Team commented on ASTERISK-29017:
------------------------------------------
Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. Please note that log messages and other files should not be sent to the Sangoma Asterisk Team unless explicitly asked for. All files should be placed on this issue in a sanitized fashion as needed.
A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.
Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].
Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.
> pjsip enforces TLSv1.3 in default configuration
> -----------------------------------------------
>
> Key: ASTERISK-29017
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-29017
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: pjproject/pjsip
> Affects Versions: 16.10.0, 16.12.0
> Environment: Debian Unstable (sid)
> Reporter: Bernhard Schmidt
> Severity: Critical
>
> Originally reported to Debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966636 .
> After upgrading from Asterisk 16.2.1 to Asterisk 16.10.0 the pjsip TLS listener only accepts TLSv1.3 connections in the default configuration (method= not set or set to "default")
> {noformat}
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0
> cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> priv_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> ;cipher=ADH-AES256-SHA,ADH-AES128-SHA
> ;method=tlsv1
> {noformat}
> {noformat}
> [Jul 31 21:48:23] WARNING[4288] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337678594> <SSL routines-tls_early_post_process_client_hello-unsupported protocol> len: 0 peer: 127.0.0.1:49478 }}}
> {noformat}
> Workaround is setting
> {noformat}
> method=tlsv1_2
> {noformat}
> which appears to accept both TLSv1.2 and TLSv1.3 connections.
> I have quickly spun up a test package with Asterisk 16.12.0 which shows the same symptoms
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list