[asterisk-users] PJSIP and Grandstream Wave with TSL and SRTP
Sean Bright
sean.bright at gmail.com
Fri Jan 24 11:25:48 CST 2020
On 1/23/2020 6:04 PM, hw wrote:
>> This is what mine looks like which works just fine:
>>
>> [transport-tls]
>> type = transport
>> protocol = tls
>> method = tlsv1_2
>> cipher =
>> ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128
>> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-
>> AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
>> cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
>> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem
> Thanks, it still says
>
>
> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-
> ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937
I guess I should have been more clear before - with the above settings
TLS works for other phones, I hadn't tried with Wave.
I downloaded Wave for iOS and played around a bit and stumbled on a
working configuration. Wave seems to only support TLS 1.0 which is
problematic itself but it is what it is.
I set up Asterisk 16 on a VM in AWS to test which you can try as well if
you like:
Domain: sip.seanbright.com
Username: asterisk
Password: asterisk
Calls are SRTP if offered, and the number dialed just needs to be 1 or
more digits. This is the configuration I ended up with:
[transport-tls]
type = transport
protocol = tls
method = tlsv1
cert_file = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem
priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem
bind = 0.0.0.0:5061
external_media_address = 52.91.86.158
external_signaling_address = 52.91.86.158
Hope that helps,
Sean
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20200124/c7100ed5/attachment.html>
More information about the asterisk-users
mailing list