<div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-size:small">Sorry, my bad. I failed to change the transport to tls on the provision for the hardphone, nor did change the transport on the linphone setup. However, after I do that, the hardphone (Yealink T32G) failed to register, citing:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default"><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures">[Feb 11 14:16:03] </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(180,36,25)">WARNING</span><span style="font-variant-ligatures:no-common-ligatures">[24936]: </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(192,192,192)">pjproject</span><span style="font-variant-ligatures:no-common-ligatures">: </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(192,192,192)"><?></span><span style="font-variant-ligatures:no-common-ligatures">: <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol> len: 0 peer: <a href="http://128.171.77.34:30401">128.171.77.34:30401</a></span></font></p></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">on the linphone side, it also fails to register:</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default"><p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:637 [linphone/belle-sip] MESSAGE Trying to connect to [TLS://::ffff:<a href="http://128.171.77.23:5061">128.171.77.23:5061</a>]</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:652 [linphone/belle-sip] MESSAGE Channel [0x7fc8b8000000]: Connected at TCP level, now doing TLS handshake with cname=128.171.77.23</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:654 [linphone/belle-sip] MESSAGE Channel [0x7fc8b8000000]: SSL handshake in progress...</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[2], flags=[]:</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">cert. version : 3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">serial number : 44:AF:B0:80:D6:A3:27:BA:89:30:39:86:2E:F8:40:6B</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject name : O=Digital Signature Trust Co., CN=DST Root CA X3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issued on : 2000-09-30 21:12:19</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">expires on : 2021-09-30 14:01:15</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">signed using : RSA with SHA1</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">RSA key size : 2048 bits</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">basic constraints : CA=true</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">key usage : Key Cert Sign, CRL Sign</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0);min-height:25px"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures"></span><br></font></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[1], flags=[]:</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">cert. version : 3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">serial number : 40:01:75:04:83:14:A4:C8:21:8C:84:A9:0C:16:CD:DF</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issuer name : O=Digital Signature Trust Co., CN=DST Root CA X3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject name : C=US, O=Let's Encrypt, CN=R3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issued on : 2020-10-07 19:21:40</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">expires on : 2021-09-29 19:21:40</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">signed using : RSA with SHA-256</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">RSA key size : 2048 bits</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">basic constraints : CA=true, max_pathlen=0</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">key usage : Digital Signature, Key Cert Sign, CRL Sign</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">ext key usage : TLS Web Server Authentication, TLS Web Client Authentication</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0);min-height:25px"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures"></span><br></font></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] MESSAGE Found certificate depth=[0], flags=[CN-mismatch ]:</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">cert. version : 3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">serial number : 03:F0:83:3C:5D:41:76:BC:4E:B2:E6:AB:60:8C:F9:5E:27:86</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issuer name : C=US, O=Let's Encrypt, CN=R3</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject name : CN=<a href="http://voip1.ifa.hawaii.edu">voip1.ifa.hawaii.edu</a></font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">issued on : 2020-12-30 02:56:29</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">expires on : 2021-03-30 02:56:29</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">signed using : RSA with SHA-256</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">RSA key size : 2048 bits</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">basic constraints : CA=false</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">subject alt name : <a href="http://voip1.ifa.hawaii.edu">voip1.ifa.hawaii.edu</a></font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">key usage : Digital Signature, Key Encipherment</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">ext key usage : TLS Web Server Authentication, TLS Web Client Authentication</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0);min-height:25px"><font face="monospace"><span style="font-variant-ligatures:no-common-ligatures"></span><br></font></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] ERROR Channel [0x7fc8b8000000]: SSL handshake failed : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed</font></span></p>
<p style="margin:0px;font-stretch:normal;line-height:normal;color:rgb(0,0,0)"><span style="font-variant-ligatures:no-common-ligatures"><font face="monospace">2021-02-11 13:26:32:674 [linphone/belle-sip] ERROR Cannot connect to [TLS://<a href="http://128.171.77.23:5061">128.171.77.23:5061</a>]</font></span></p></div><div class="gmail_default" style="font-size:small"><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 8, 2021 at 12:27 PM Joshua C. Colp <<a href="mailto:jcolp@digium.com">jcolp@digium.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">On Mon, Feb 8, 2021 at 6:14 PM Ruisheng Peng <<a href="mailto:rpeng@ifa.hawaii.edu" target="_blank">rpeng@ifa.hawaii.edu</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:small">Thanks Jashua for the suggestion. To find out if the issue was only limited to the softphone that was using tls transport (SOFTPHONE_B on ext 103, a linphone running off my MBP), I also turned one of the hard phone (0000f30A0A01 on ext 100, a Yealink T32G) into using tls transport. It behaves similarly to the linphone in that the Hangup() call in dialplan is silently ignored, and the handsets would alway appear as busy/unavilable. <br></div></div></div></div></div></div></div></blockquote><div><br></div><div>Have you configured the devices, on them or using their provisioning, to use TLS? It does not appear so as they are using UDP, while you're forcing a TLS transport in Asterisk. This would not work. </div></div><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-family:tahoma,sans-serif"><div><font color="#073763">Joshua C. Colp</font></div><div><font color="#073763">Asterisk Technical Lead</font></div><div><font color="#073763">Sangoma Technologies</font></div><div><font color="#073763">Check us out at <a href="http://www.sangoma.com/" target="_blank">www.sangoma.com</a> and <a href="http://www.asterisk.org/" target="_blank">www.asterisk.org</a></font></div></div></div></div></div></div></div></div></div></div></div></div>
-- <br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" rel="noreferrer" target="_blank">http://www.api-digital.com</a> --<br>
<br>
Check out the new Asterisk community forum at: <a href="https://community.asterisk.org/" rel="noreferrer" target="_blank">https://community.asterisk.org/</a><br>
<br>
New to Asterisk? Start here:<br>
<a href="https://wiki.asterisk.org/wiki/display/AST/Getting+Started" rel="noreferrer" target="_blank">https://wiki.asterisk.org/wiki/display/AST/Getting+Started</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" rel="noreferrer" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></blockquote></div>