<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <div class="moz-cite-prefix">On 1/23/2020 6:04 PM, hw wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:3306965.LP3Aop9DGJ@toy.adminart.net">
      <blockquote type="cite" style="color: #000000;">
        <pre class="moz-quote-pre" wrap="">This is what mine looks like which works just fine:

[transport-tls]
type          = transport
protocol      = tls
method        = tlsv1_2
cipher        = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
cert_file     = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem
</pre>
      </blockquote>
      <pre class="moz-quote-pre" wrap="">Thanks, it still says


SSL SSL_ERROR_SSL (Handshake): Level: 0 err: &lt;336109761&gt; &lt;SSL routines-
ssl3_get_client_hello-no shared cipher&gt; len: 0 peer: 10.10.20.29:54937</pre>
    </blockquote>
    <br>
    I guess I should have been more clear before - with the above
    settings TLS works for other phones, I hadn't tried with Wave.<br>
    <br>
    I downloaded Wave for iOS and played around a bit and stumbled on a
    working configuration. Wave seems to only support TLS 1.0 which is
    problematic itself but it is what it is.<br>
    <br>
    I set up Asterisk 16 on a VM in AWS to test which you can try as
    well if you like:<br>
    <br>
    Domain: sip.seanbright.com<br>
    Username: asterisk<br>
    Password: asterisk<br>
    <br>
    Calls are SRTP if offered, and the number dialed just needs to be 1
    or more digits. This is the configuration I ended up with:<br>
    <tt><br>
    </tt><tt>[transport-tls]</tt><tt><br>
    </tt><tt>type          = transport</tt><tt><br>
    </tt><tt>protocol      = tls</tt><tt><br>
    </tt><tt>method        = tlsv1</tt><tt><br>
    </tt><tt>cert_file     =
      /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem</tt><tt><br>
    </tt><tt>priv_key_file =
      /etc/letsencrypt/live/sip.seanbright.com/privkey.pem</tt><tt><br>
    </tt><tt>bind          = 0.0.0.0:5061</tt><tt><br>
    </tt><tt>external_media_address     = 52.91.86.158</tt><tt><br>
    </tt><tt>external_signaling_address = 52.91.86.158</tt><br>
    <br>
    Hope that helps,<br>
    Sean<br>
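    <br>
    An added example, not part of the original message or of Asterisk: a small audit of pjsip.conf TLS transports that flags the two conditions seen in this thread, a cipher list a TLS 1.0-only client cannot match and a transport pinned to a legacy protocol version. The function names and the section names in the sample are hypothetical, and classifying suites by their OpenSSL name suffix is an assumption of this sketch.<br>

```python
import re

# Assumption: OpenSSL suite names with these endings were introduced in TLS 1.2.
TLS12_ONLY = re.compile(r"-(SHA256|SHA384|POLY1305|CCM8?)$")
LEGACY_METHODS = {"sslv2", "sslv3", "tlsv1", "tlsv1_1"}

def parse_sections(text):
    """Parse pjsip.conf-style text into {section: {option: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def audit_tls_transports(text):
    """Return (section, finding) pairs for every TLS transport."""
    findings = []
    for name, opts in parse_sections(text).items():
        if opts.get("type") != "transport" or opts.get("protocol") != "tls":
            continue
        method = opts.get("method", "").lower()
        if method in LEGACY_METHODS:
            findings.append((name, f"legacy-protocol: method={method}"))
        suites = [s.strip() for s in opts.get("cipher", "").split(",") if s.strip()]
        if suites and all(TLS12_ONLY.search(s) for s in suites):
            findings.append((name, "tls12-only-ciphers: a TLS 1.0/1.1-only "
                                   "client gets 'no shared cipher'"))
    return findings

# Constructed sample: the two transports from this thread, renamed to fit one file.
SAMPLE = """\
[transport-strict]
type     = transport
protocol = tls
method   = tlsv1_2
cipher   = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES128-SHA256

[transport-wave]
type     = transport
protocol = tls
method   = tlsv1            ; needed by the TLS 1.0-only client
"""

if __name__ == "__main__":
    for section, finding in audit_tls_transports(SAMPLE):
        print(f"{section}: {finding}")
```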
  </body>
</html>