[asterisk-bugs] [JIRA] (ASTERISK-30470) Cisco SPA3XX and SPA5XX not register with PJSIP TLS and LE certs

[Dmitry Shleg (JIRA)]

Dmitry Shleg created ASTERISK-30470:
---------------------------------------

             Summary: Cisco SPA3XX and SPA5XX not register with PJSIP TLS and LE certs
                 Key: ASTERISK-30470
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30470
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: pjproject/pjsip
    Affects Versions: 18.17.0, 18.16.0, 18.9.0
         Environment: Debian 11 Bulleye with latest updates
            Reporter: Dmitry Shleg
            Severity: Blocker


I trying to migrate from asterisk 13 chan_sip to asterisk 18 with pjsip channel driver. I has ~300 Cisco SPA devices with 7.6.2e like a SR5 firmware

i has three test enviroments(LetsEncrypt certs ):
1. (prod)VM CentOS7 + asterisk 13 ( chan_sip ) - not register problems
  chan_sip configured with tlsdontverifyserver=no, tlsclientmethod=tlsv1 

2. (test)VM with latest FreePBX distro ( asterisk 18.13 + FreePBX 14)
    pjsip driver by default works with param: method=tlsv1_2 and when phone connects to asterisk i got error:
SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol

after change to method=sslv23, devices registers without problems

3. (test)VM Debian 11 + Asterisk installed from source 
in any param method(default, sslv23, tlsv1, tlsv1_2) console says:
SSL routines-tls_early_post_process_client_hello-unsupported protocol

Please describe right direction to fix it.



--
This message was sent by Atlassian JIRA
(v6.2#6252)