[asterisk-users] PJSIP and Grandstream Wave with TSL and SRTP

Sean Bright sean.bright at gmail.com
Fri Jan 24 11:25:48 CST 2020


On 1/23/2020 6:04 PM, hw wrote:
>> This is what mine looks like which works just fine:
>>
>> [transport-tls]
>> type          = transport
>> protocol      = tls
>> method        = tlsv1_2
>> cipher        =
>> ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128
>> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-
>> AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
>> cert_file     = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
>> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem
> Thanks, it still says
>
>
> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-
> ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937

I guess I should have been more clear before - with the above settings 
TLS works for other phones, I hadn't tried with Wave.

I downloaded Wave for iOS and played around a bit and stumbled on a 
working configuration. Wave seems to only support TLS 1.0 which is 
problematic itself but it is what it is.

I set up Asterisk 16 on a VM in AWS to test which you can try as well if 
you like:

Domain: sip.seanbright.com
Username: asterisk
Password: asterisk

Calls are SRTP if offered, and the number dialed just needs to be 1 or 
more digits. This is the configuration I ended up with:

[transport-tls]
type          = transport
protocol      = tls
method        = tlsv1
cert_file     = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem
priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem
bind          = 0.0.0.0:5061
external_media_address     = 52.91.86.158
external_signaling_address = 52.91.86.158

Hope that helps,
Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200124/c7100ed5/attachment.html>


More information about the asterisk-users mailing list