[asterisk-users] Problem with TLS/SRTP with Asterisk 11.8.1
Patrick Laimbock
patrick at laimbock.com
Mon Mar 24 22:22:42 CDT 2014
On 24-03-14 21:28, Patrick Laimbock wrote:
[snip]
> == Problem setting up ssl connection: error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> [Mar 24 21:20:56] WARNING[28467]: tcptls.c:272 handle_tcptls_connection:
So others may find the fix: make sure the server and client certificates
have the proper keyUsage. The ast_gen_tls script does not set them and
this caused the handshake/verification to fail.
The client certificate needs something like:
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = clientAuth
The server certificate needs something like:
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
HTH,
Patrick
More information about the asterisk-users
mailing list