[asterisk-users] solved: PJSIP and Grandstream Wave with TSL and SRTP

hw hw at gc-24.de
Wed Jan 29 12:41:56 CST 2020


Hi,

I've got it to work with the following transport:


[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
ca_list_file=/etc/pki/tls/certs/ca-bundle.crt
cert_file=/etc/asterisk/cert/newc/himinbjorg.adminart.net.pem
priv_key_file=/etc/asterisk/cert/newc/himinbjorg.adminart.net.key.pem


This is using a self-signed certificate.  Note that I omitted 'method='.


On Wednesday, January 22, 2020 3:18:23 AM CET hw wrote:
> Hi,
> 
> after switching from chan_sip to chan_pjsip, a device running Grandstream
> Wave leads to the following error message on the asterisk console:
> 
> 
> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-
> ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:43357
> 
> 
> Something with the encryption must have changed with asterisk.  How can I
> get the device to register again?
> 
> 
> [transport-tls]
> type = transport
> protocol = tls
> bind = 0.0.0.0:5061
> tos = cs5
> cert_file = /etc/asterisk/cert/asterisk.pem
> ca_list_file = /etc/pki/tls/certs/ca-bundle.crt
> method = sslv23
> 
> 
> 'method = tlsv1' doesn't work, either.







More information about the asterisk-users mailing list