[asterisk-bugs] [JIRA] (ASTERISK-30470) Cisco SPA3XX and SPA5XX not register with PJSIP TLS and LE certs

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Thu Mar 16 14:33:03 CDT 2023


    [ https://issues.asterisk.org/jira/browse/ASTERISK-30470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=261589#comment-261589 ] 

Joshua C. Colp commented on ASTERISK-30470:
-------------------------------------------

It is unlikely to be a PJSIP build bug. OpenSSL can be built by the Linux distribution with or without support for older SSL, and it can also be configured at runtime. It is entirely possible and likely that on Debian 11 it's not supporting the older one and thus isn't working. As the comment before said, I would suggest using the community resources to discuss this instead of jumping to it being a bug.

> Cisco SPA3XX and SPA5XX not register with PJSIP TLS and LE certs
> ----------------------------------------------------------------
>
>                 Key: ASTERISK-30470
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30470
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: pjproject/pjsip
>    Affects Versions: 18.9.0, 18.16.0, 18.17.0
>         Environment: Debian 11 Bulleye with latest updates
>            Reporter: Dmitry Shleg
>            Severity: Major
>
> I trying to migrate from asterisk 13 chan_sip to asterisk 18 with pjsip channel driver. I has ~300 Cisco SPA devices with 7.6.2e like a SR5 firmware
> i has three test enviroments(LetsEncrypt certs ):
> 1. (prod)VM CentOS7 + asterisk 13 ( chan_sip ) - not register problems
>   chan_sip configured with tlsdontverifyserver=no, tlsclientmethod=tlsv1 
> 2. (test)VM with latest FreePBX distro ( asterisk 18.13 + FreePBX 14)
>     pjsip driver by default works with param: method=tlsv1_2 and when phone connects to asterisk i got error:
> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol
> after change to method=sslv23, devices registers without problems
> 3. (test)VM Debian 11 + Asterisk installed from source 
> in any param method(default, sslv23, tlsv1, tlsv1_2) console says:
> SSL routines-tls_early_post_process_client_hello-unsupported protocol
> Please describe right direction to fix it.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list