[asterisk-bugs] [JIRA] (ASTERISK-29017) pjsip: As of 2.9 with newer OpenSSL "tlsv1" method is TLSv1.3 only

Alexander Traud (JIRA) noreply at issues.asterisk.org
Tue Oct 27 11:57:15 CDT 2020


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29017?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=252581#comment-252581 ] 

Alexander Traud commented on ASTERISK-29017:
--------------------------------------------

[~bschmidt], I tried to reproduce your issue on Debian Bullseye (currently testing) and was not able to do so. In Asterisk, {{method=}} does not have a ‘good’ default. I know, this is in contrast to your previous analysis in ASTERISK-27031. When you leave that out (or empty), all TLS versions are disabled by PJSIP. Because PJSIP does not know how to disable TLS 1.3, yet, it is left enabled. Furthermore, {{method=sslv23}} works here. Going for {{method=tlsv1}} does not set TLS 1.0 as minimum version. Instead it disables all other versions except TLS 1.0. And because TLS 1.0 is disabled on default in Debian Bullseye, you end up with no TLS version (except TLS 1.3 because PJSIP does not disable that). If you need TLS 1.3, TLS 1.2, and TLS 1.0, you go for {{method=sslv23}} and one of those:

a) Look at {{Set-systemwide-default-settings-for-libssl-users.patch}} introduced with Debian Bullseye. That means to have to edit the last line of the file {{/etc/ssl/openssl.cnf}} system wide: {{MinProtocol = TLSv1}}

b) You do not use the Debian provided package {{asterisk}} but go for your own one with its own {{openssl}}. A step-by-step-guide is in ASTERISK-27908… with that the _minimum_ version is not TLS 1.2 but TLS 1.0.

c) You re-phrase your report. I guess, you want a way to control the _minimum_ version from within a configuration file like {{/etc/asterisk/pjsip.conf}}. If I understand the comments in the Asterisk community thread correctly, that would be not a bug but a feature request. Am I correct?

So once again: If you specify a specific version in {{pjsip.conf}}, PJSIP disables all other versions except that one. Because your system has TLS 1.0 disabled already, you end up with no version. Because PJSIP does not know how to disable TLS 1.3, yet, you end up with TLS 1.3-only. I think, the way to go is a {{min_protocol}} which overrides the system value. However, that is something the Usable-Security Engineer of the Asterisk team = of Sangoma has to decide.
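The interaction described above, modelled as an added example (this is not code from Asterisk or pjproject): a {{method=}} value selects exactly one version by disabling all others, TLS 1.3 can never be disabled, and the system {{MinProtocol}} floor is applied on top. The method names, the Bullseye floor of TLS 1.2 and the proposed {{min_protocol}} override are assumptions taken from this thread.

```python
from enum import IntEnum


class TLS(IntEnum):
    """Protocol versions, ordered so that comparisons express a minimum."""
    V1_0 = 10
    V1_1 = 11
    V1_2 = 12
    V1_3 = 13


ALL = frozenset(TLS)

# Assumed Debian Bullseye floor (openssl.cnf MinProtocol), per the thread:
# TLS 1.0 and 1.1 are disabled system-wide unless openssl.cnf is edited.
BULLSEYE_SYSTEM_MIN = TLS.V1_2

# Assumed model of PJSIP 2.9 semantics: a specific method keeps only that
# version, "sslv23" keeps every version, empty/default keeps none.
METHOD_SELECTS = {
    "sslv23": ALL,
    "tlsv1": frozenset({TLS.V1_0}),
    "tlsv1_1": frozenset({TLS.V1_1}),
    "tlsv1_2": frozenset({TLS.V1_2}),
    "default": frozenset(),
    "": frozenset(),
}


def pjsip29_versions(method, system_min=BULLSEYE_SYSTEM_MIN):
    """Versions actually offered for a pjsip.conf method= under PJSIP 2.9."""
    disabled = ALL - METHOD_SELECTS[method]
    # PJSIP 2.9 has no "disable TLS 1.3" flag, so TLS 1.3 always survives.
    disabled -= {TLS.V1_3}
    return frozenset(v for v in ALL if v not in disabled and v >= system_min)


def min_protocol_versions(min_protocol=None, system_min=BULLSEYE_SYSTEM_MIN):
    """Proposed min_protocol option: a floor that overrides the system value."""
    floor = system_min if min_protocol is None else min_protocol
    return frozenset(v for v in ALL if v >= floor)
```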

> pjsip: As of 2.9 with newer OpenSSL "tlsv1" method is TLSv1.3 only
> ------------------------------------------------------------------
>
>                 Key: ASTERISK-29017
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29017
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 16.10.0, 16.12.0
>         Environment: Debian Unstable (sid)
>            Reporter: Bernhard Schmidt
>
> Originally reported to Debian in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966636 . 
> After upgrading from Asterisk 16.2.1 to Asterisk 16.10.0 the pjsip TLS listener only accepts TLSv1.3 connections in the default configuration (method= not set or set to "default")
> {noformat}
> [transport-tls]
> type=transport
> protocol=tls
> bind=0.0.0.0
> cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> priv_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> ;cipher=ADH-AES256-SHA,ADH-AES128-SHA
> ;method=tlsv1
> {noformat}
> {noformat}
> [Jul 31 21:48:23] WARNING[4288] pjproject:                         SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337678594> <SSL routines-tls_early_post_process_client_hello-unsupported protocol> len: 0 peer: 127.0.0.1:49478 }}}
> {noformat}
> Workaround is setting
> {noformat}
> method=tlsv1_2
> {noformat}
> which appears to accept both TLSv1.2 and TLSv1.3 connections.
> I have quickly spun up a test package with Asterisk 16.12.0 which shows the same symptoms



--
This message was sent by Atlassian JIRA
(v6.2#6252)