[asterisk-users] PJSIP and Grandstream Wave with TSL and SRTP
hw
hw at gc-24.de
Sat Jan 25 13:25:57 CST 2020
On Friday, January 24, 2020 6:25:48 PM CET Sean Bright wrote:
> On 1/23/2020 6:04 PM, hw wrote:
> >> This is what mine looks like which works just fine:
> >>
> >> [transport-tls]
> >> type = transport
> >> protocol = tls
> >> method = tlsv1_2
> >> cipher = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
> >> cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
> >> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem
> >
> > Thanks, it still says
> >
> >
> > SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937
>
> I guess I should have been more clear before - with the above settings
> TLS works for other phones, I hadn't tried with Wave.
>
> I downloaded Wave for iOS and played around a bit and stumbled on a
> working configuration. Wave seems to only support TLS 1.0 which is
> problematic itself but it is what it is.
>
> I set up Asterisk 16 on a VM in AWS to test which you can try as well if
> you like:
>
> Domain: sip.seanbright.com
> Username: asterisk
> Password: asterisk
>
> Calls are SRTP if offered, and the number dialed just needs to be 1 or
> more digits. This is the configuration I ended up with:
>
> [transport-tls]
> type = transport
> protocol = tls
> method = tlsv1
> cert_file = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem
> priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem
> bind = 0.0.0.0:5061
> external_media_address = 52.91.86.158
> external_signaling_address = 52.91.86.158

Ok, I created a new certificate and it still doesn't work with your transport.
Is CentOS 7 too old to run Asterisk on? Is the Android device I'm using too
old?

Why did it work before changing from SIP to PJSIP? Do I need to do anything
special when creating the certificate?
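
An added example, not part of the thread or of Asterisk: a check of the two quoted transports against a client limited to TLS 1.0, which is what Sean reports for Wave. The section names, `check_transports` and `min_tls_version` are hypothetical, the sample config is constructed from the quoted settings, and the version rule relies on OpenSSL cipher naming.

```python
import configparser

# Constructed sample: the two transports quoted in the thread, renamed to fit one file.
SAMPLE = """
[transport-tls12]
method = tlsv1_2
cipher = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256

[transport-tls10]
method = tlsv1
"""

# pjsip.conf "method" values mapped to the TLS version they select.
METHOD_VERSION = {"tlsv1": (1, 0), "tlsv1_1": (1, 1), "tlsv1_2": (1, 2)}


def min_tls_version(cipher):
    """Lowest TLS version that can negotiate an OpenSSL-named cipher suite."""
    if cipher.startswith("TLS_"):          # TLS 1.3 suite naming
        return (1, 3)
    # AEAD suites and suites with a SHA-256/SHA-384 MAC were introduced in TLS 1.2.
    aead = any(tag in cipher for tag in ("GCM", "CCM", "CHACHA20"))
    if aead or cipher.endswith(("-SHA256", "-SHA384")):
        return (1, 2)
    return (1, 0)                          # e.g. ECDHE-RSA-AES256-SHA


def check_transports(conf_text, client_max=(1, 0)):
    """Per transport: can a client limited to client_max complete a handshake?"""
    cfg = configparser.ConfigParser()
    cfg.read_string(conf_text)
    report = {}
    for name in cfg.sections():
        sec = cfg[name]
        method = METHOD_VERSION.get(sec.get("method", fallback="").strip())
        ciphers = [c.strip() for c in sec.get("cipher", fallback="").split(",") if c.strip()]
        usable = [c for c in ciphers if min_tls_version(c) <= client_max]
        report[name] = {
            # Assumption: an unset method leaves the version to the TLS library.
            "method_ok": method is None or method <= client_max,
            # Assumption: an empty cipher option means the library default list.
            "cipher_ok": not ciphers or bool(usable),
            "usable": usable,
        }
    return report


if __name__ == "__main__":
    for name, result in check_transports(SAMPLE).items():
        print(name, result)
```

Every suite in the first transport's list needs TLS 1.2, so a TLS 1.0 client has nothing to share with it regardless of the `method` line; this checks only protocol and cipher overlap, not certificates.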