[asterisk-users] PJSIP and Grandstream Wave with TSL and SRTP

Sean Bright sean.bright at gmail.com
Fri Jan 24 11:25:48 CST 2020

On 1/23/2020 6:04 PM, hw wrote:
>> This is what mine looks like which works just fine:
>> [transport-tls]
>> type          = transport
>> protocol      = tls
>> method        = tlsv1_2
>> cipher        =
>> cert_file     = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
>> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem
> Thanks, it still says
> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-
> ssl3_get_client_hello-no shared cipher> len: 0 peer:

I guess I should have been more clear before - with the above settings 
TLS works for other phones, I hadn't tried with Wave.

I downloaded Wave for iOS and played around a bit and stumbled on a 
working configuration. Wave seems to only support TLS 1.0 which is 
problematic itself but it is what it is.

I set up Asterisk 16 on a VM in AWS to test which you can try as well if 
you like:

Domain: sip.seanbright.com
Username: asterisk
Password: asterisk

Calls are SRTP if offered, and the number dialed just needs to be 1 or 
more digits. This is the configuration I ended up with:

type          = transport
protocol      = tls
method        = tlsv1
cert_file     = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem
priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem
bind          =
external_media_address     =
external_signaling_address =

Hope that helps,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200124/c7100ed5/attachment.html>

More information about the asterisk-users mailing list