[SOLVED].Asterisk 15.1.2 TLS configuration using (PJSIP stack)

Hello,

I followed this tutorial Secure+Calling+Tutorial with selfsigned certificates and with one from trusted authority. I could not get to work either with self-sign certificate or with this one form trusted authority.

This is the “transport” configuration:

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key

and SIP REGISTER is successful, but when I dial the extension with:

(${PJSIP_DIAL_CONTACTS(${EXTEN})},15) )

I see this error in asterisk console:

Called PJSIP/71010/sips:71010@10.0.13.23:5678;transport=tls
[2018-06-05 15:55:45.477] WARNING[7585]: pjproject:0 <?>:                          SSL STATUS_FROM_SSL_ERR (connecting): Level: 0 err: <336151568> <SSL routines-ssl3_read_bytes-sslv3 alert handshake failure> len: 0
  == Everyone is busy/congested at this time (1:0/1/0)
    -- Executing [71010@sub-Dial-direct:11] Hangup("PJSIP/61002-00000000", "") in new stack
  == Spawn extension (sub-Dial-direct, 71010, 11) exited non-zero on 'PJSIP/61002-00000000'
[2018-06-05 15:55:45.514] WARNING[7585]: pjproject:0 <?>:                          SSL SSL_ERROR_SSL (Read): Level: 0 err: <336462231> <SSL routines-SSL_shutdown-shutdown while in init> len: 32000

Also tried to specify the “method=sslv23” and then I received this:

Called PJSIP/71010/sips:71010@10.0.13.23:5678;transport=tls
[2018-06-05 16:49:01.883] WARNING[30721]: pjproject:0 <?>:                         SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336032784> <SSL routines-SSL23_GET_SERVER_HELLO-sslv3 alert handshake failure> len: 0
  == Everyone is busy/congested at this time (1:0/1/0)
    -- Executing [71010@sub-Dial-direct:11] Hangup("PJSIP/61002-00000000", "") in new stack
  == Spawn extension (sub-Dial-direct, 71010, 11) exited non-zero on 'PJSIP/61002-00000000'
[2018-06-05 16:49:01.893] WARNING[30721]: pjproject:0 <?>:                         SSL SSL_ERROR_SSL (Read): Level: 0 err: <336462231> <SSL routines-SSL_shutdown-shutdown while in init> len: 32000

The lab scheme is:

Client: MicroSIP --> Asterisk 15.1.2 --> Grandstream GXP1620

OS: CentOS 7.4
Asterisk: 15.1.2
libsrtp: tried with both versions 1.4.4 (from base repo) and 1.5.4 (from source)

Could someone help … where/what I missed :slight_smile:

(Also done:

Thanks a lot (and sorry for my English… is not my strength :frowning: )

Best regards,
Denislav

It is Grandstream issue … RESOLVED.