Hi All,
We have registered a TLS SIP trunk to an ACME Packet SBC. The trunk registers fine and outgoing calls are working from Asterisk to ACME.
The problem is with incoming calls from ACME towards Asterisk; all of them fail with the error “Problem setting up ssl connection: error:00000000:lib(0):func(0):reason(0)”.
We did a tcpdump and analyzed in Wireshark what happens. After ACME receives the Registration message from Asterisk it brings the TLS tunnel up and tries to reuse it all the time. So when ACME needs to send the INVITE to Asterisk it doesn’t include the TLSv1 negotiation thinking that the tunnel is already up.
We got the response from ACME TAC support that it’s the client’s responsibility to maintain the tunnel negotiation and the SBC will never do this on its own. This is probably true since standalone endpoints with TLS work in both directions (Polycom, Cisco SPA, etc).
So when Asterisk is acting as a SIP TLS client, it expects TLS to be negotiated on any NEW dialog in either direction.
We are stuck here. Any thoughts would be greatly appreciated.