Asterisk 13 + TLS

Asterisk Asterisk SIP
1

Hi,

Im trying autenthicate my endpoint “zoiper” with tls transport, but console shows errors ssl certificate, some like this ::

[May 31 07:44:53] WARNING[1497]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <167772418> <SSL routines-???-unsupported protocol> len: 0 peer: 192.168.15.61:35030

We are using

OS: NAME=“Oracle Linux Server” “9.2”
Asterisk = 13.38.3

pjsip.conf

;===============TRANSPORT

[simpletrans]

type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
;method=tlsv1
method=sslv23
;===============EXTENSION 6001

[6001]
type=endpoint
context=internal
disallow=all
allow=ulaw
auth=auth6001
aors=6001
media_encryption=sdes

[auth6001]
type=auth
auth_type=userpass
password=6001
username=6001

[6001]
type=aor
max_contacts=1

certificates

/etc/asterisk/keys

-rwxrwxrwx. 1 root root 3079 mai 31 07:13 6001.pem
-rwxrwxrwx. 1 root root 1375 mai 31 07:13 6001.crt
-rwxrwxrwx. 1 root root 920 mai 31 07:13 6001.csr
-rwxrwxrwx. 1 root root 1704 mai 31 07:13 6001.key
-rwxrwxrwx. 1 root root 114 mai 31 07:13 tmp.cfg
-rwxrwxrwx. 1 root root 3079 mai 31 07:11 asterisk.pem
-rwxrwxrwx. 1 root root 1375 mai 31 07:11 asterisk.crt
-rwxrwxrwx. 1 root root 920 mai 31 07:10 asterisk.csr
-rwxrwxrwx. 1 root root 1704 mai 31 07:10 asterisk.key
-rwxrwxrwx. 1 root root 1753 mai 31 07:10 ca.crt
-rwxrwxrwx. 1 root root 3414 mai 31 07:10 ca.key
-rwxrwxrwx. 1 root root 150 mai 31 07:10 ca.cfg

Endpoint = Zoiper 3.3

Some one help us ?

2

Please upgrade to a supported version of Asterisk.

The message is saying that the protocol is unsupported, not that it can’t match the name.

I don’t know if Asterisk just passes the file name, or opens it itself and passes the contents or an open file descriptor. I would really, really, hope that OpenSSL would refuse to use this file (and actually all the certificate files, if passed the filename, and Asterisk really should be refusing to use it, if it opened it. You should assume all your cryptographic material has been compromised and start over with sensible permissions.

3

are you telling me that transport TLS + certificate will not work with asterisk 13 at all?

4

No. I’m telling you that people here are unlikely to spend time debugging a problem on Asterisk 13.

My guess is that the issue is with the method setting and/or the version of OpenSSL that you have.

5

They’re also pretty unlikely to help when you have this:

/etc/asterisk/keys

-rwxrwxrwx. 1 root root 3079 mai 31 07:13 6001.pem
-rwxrwxrwx. 1 root root 1375 mai 31 07:13 6001.crt
-rwxrwxrwx. 1 root root 920 mai 31 07:13 6001.csr
-rwxrwxrwx. 1 root root 1704 mai 31 07:13 6001.key
-rwxrwxrwx. 1 root root 114 mai 31 07:13 tmp.cfg
-rwxrwxrwx. 1 root root 3079 mai 31 07:11 asterisk.pem
-rwxrwxrwx. 1 root root 1375 mai 31 07:11 asterisk.crt
-rwxrwxrwx. 1 root root 920 mai 31 07:10 asterisk.csr
-rwxrwxrwx. 1 root root 1704 mai 31 07:10 asterisk.key
-rwxrwxrwx. 1 root root 1753 mai 31 07:10 ca.crt
-rwxrwxrwx. 1 root root 3414 mai 31 07:10 ca.key
-rwxrwxrwx. 1 root root 150 mai 31 07:10 ca.cfg

Antony.

6

And now there’s an 18 thread at Asterisk 18 + TLS

7

solution ?

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.