Asterisk PJSIP SSL_ERROR_ZERO_RETURN

Hello

I’m using Asterisk 18.14.0 with TLS PJSIP Endpoints. The certificate for the TLS Endpoint is a valid Let’s Encrypt Certificate generated by certbot.

This seems to work fine in terms of functionality, but I’m getting a ton of the following warnings on my system:

[Aug 19 13:34:40] WARNING[276075] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[Aug 19 13:34:50] WARNING[276075] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[Aug 19 13:35:00] WARNING[276075] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[Aug 19 13:35:00] WARNING[276075] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[Aug 19 13:35:00] WARNING[803908] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[Aug 19 13:35:10] WARNING[276075] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[Aug 19 13:35:20] WARNING[276075] pjproject: 	                   SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535

The transport is configured as follows:

[transport-tls-nat]
type=transport
protocol=tls
bind=0.0.0.0:5061
local_net=xxx
external_media_address=xxx
external_signaling_address=xxx
cert_file=xxx
priv_key_file=xxx
verify_server=no

The clients connecting to the Asterisk Server are mostly PJSIP and Yealink Clients.

Is there a parameter I can set on the Asterisk to fix these warnings? Or are there special parameters which need to be set when generating the certificate with certbot?

Have you done a packet capture or the like to see what device or endpoint might actually be triggering these warnings?

Often it could be caused or triggered by specific endpoints.

FWIW, I see SSL warnings a lot in the Asterisk CLI, with pjsip/pjproject, and generally I just ignore them, which suggests that maybe it’s not a problem in and of itself (at least, I haven’t figured out how to make them go away completely). This includes systems using Let’s Encrypt with certbot. There tends to be a lot of “noise” here from my experience. If something isn’t working, however, like TLS, then it’s a clue that you should hone in as part of debugging.
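
One way to follow up on the packet-capture suggestion above, as an added example that is not from the thread or the Asterisk project: match each SSL_ERROR_ZERO_RETURN warning (OpenSSL's code for a peer closing the TLS session cleanly) against FIN/RST segments that clients sent to port 5061, and rank the source addresses. The capture lines, the year 2022, the documentation-range IP addresses, the one-second window and all function names are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Warning times from the post (thread ids simplified; the Asterisk log omits the year).
ASTERISK_LOG = "\n".join(
    f"[Aug 19 {t}] WARNING[276075] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535"
    for t in ("13:34:40", "13:34:50", "13:35:00", "13:35:00", "13:35:00", "13:35:10", "13:35:20"))
# Constructed sample in `tcpdump -tttt -n` text format (not data from the thread).
CAPTURE = """\
2022-08-19 13:34:40.101200 IP 192.0.2.10.40112 > 198.51.100.5.5061: Flags [F.], seq 518, ack 1830, win 501, length 0
2022-08-19 13:34:50.100900 IP 192.0.2.10.40114 > 198.51.100.5.5061: Flags [F.], seq 518, ack 1830, win 501, length 0
2022-08-19 13:34:55.000000 IP 192.0.2.10.40116 > 198.51.100.5.5061: Flags [P.], seq 1:518, ack 1, win 502, length 517
2022-08-19 13:35:00.101100 IP 192.0.2.10.40116 > 198.51.100.5.5061: Flags [F.], seq 518, ack 1830, win 501, length 0
2022-08-19 13:35:00.204000 IP 203.0.113.7.52001 > 198.51.100.5.5061: Flags [F.], seq 977, ack 2411, win 229, length 0
2022-08-19 13:35:00.409000 IP 203.0.113.7.52002 > 198.51.100.5.5061: Flags [R], seq 977, win 0, length 0
2022-08-19 13:35:10.100700 IP 192.0.2.10.40118 > 198.51.100.5.5061: Flags [F.], seq 518, ack 1830, win 501, length 0
2022-08-19 13:35:20.101000 IP 192.0.2.10.40120 > 198.51.100.5.5061: Flags [F.], seq 518, ack 1830, win 501, length 0
2022-08-19 13:35:20.102000 IP 198.51.100.5.5061 > 192.0.2.10.40120: Flags [F.], seq 1830, ack 519, win 509, length 0
"""
WARN_RE = re.compile(r"\[(\w{3} +\d+ \d\d:\d\d:\d\d)\] WARNING\[\d+\] pjproject:.*SSL_ERROR_ZERO_RETURN")
CLOSE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ IP ([\d.]+)\.\d+ > [\d.]+\.(\d+): Flags \[([^\]]*)\]")

def warning_times(log, year):
    """Timestamps of the SSL_ERROR_ZERO_RETURN warnings; the year is supplied by the caller."""
    return [datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
            for ts in WARN_RE.findall(log)]

def closing_peers(capture, port="5061"):
    """(time, source IP) for every FIN or RST segment addressed to the TLS port."""
    events = []
    for m in map(CLOSE_RE.match, capture.splitlines()):
        if m and m.group(3) == port and set("FR") & set(m.group(4)):
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)))
    return events

def rank_peers(log, capture, year, window=timedelta(seconds=1)):
    """Pair each warning with one unused close inside the window; count per source IP."""
    closes, used, hits = closing_peers(capture), set(), Counter()
    for t in warning_times(log, year):
        for i, (when, ip) in enumerate(closes):
            if i not in used and abs(when - t) <= window:
                used.add(i)
                hits[ip] += 1
                break
    return hits.most_common()

print(rank_peers(ASTERISK_LOG, CAPTURE, 2022))
```

Text in this shape can be captured on the server with `tcpdump -tttt -n 'tcp port 5061 and (tcp[tcpflags] & (tcp-fin|tcp-rst) != 0)'`. An address that closes a connection on a fixed interval, like the ten-second cadence in the posted log, points at a client or monitor that opens a TLS connection and shuts it down again each time.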
