Asterisk sip: tls doesn't work

pnirru · December 15, 2022, 3:56pm

Give me this error

|[Dec 15 15:54:41] WARNING[3855]: pjproject: <?>: |                   SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0|
|---|---|
|[Dec 15 15:54:41] WARNING[3855]: pjproject: <?>: |                   SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0|

This is my sip.conf

[general]
context = local
bindport = 5060
bindaddr = 0.0.0.0
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk-crt.pem
tlscafile=/etc/asterisk/keys/myca.crt
tlscipher=HIGH:-TLSv1.1:-TLSv1:-SSLv2:-SSLv3
language=it
tonezone=it
progressinband=yes
srvlookup=yes

[telefono1]
context=local
type=peer
defaultuser=telefono1
secret=*****
qualify=200
host=dynamic
directmedia=yes
transport=tls
encryption=yes

I’ve tried also without

tlscipher=HIGH:-TLSv1.1:-TLSv1:-SSLv2:-SSLv3

but nothing change, no phone can register

pnirru · December 15, 2022, 3:57pm

The certs are self-signed, I have create it making cat cert.pem privkey.pem > asterisk-crt.pem

pnirru · December 15, 2022, 4:00pm

New configuration…

tlscertfile=/etc/asterisk/keys/asterisk-crt.pem
tlscafile=/etc/asterisk/keys/myca.priv.crt
tlsprivatekey=/etc/asterisk/keys/asterisk-key.pem

same error


|[Dec 15 15:58:58] WARNING[3967]: pjproject: <?>: |                   SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0|
|---|---|
|[Dec 15 15:58:58] WARNING[3967]: pjproject: <?>: |                   SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0|

pnirru · December 15, 2022, 4:10pm

also udp registration doesn’t work!
The password and user are correct but


Request 'REGISTER' from '"telefono1" <sip:telefono1@myserver.priv>' failed for '192.168.0.2:44128' (callid: 96bdc50c3e5f49dd9beab757172e2dcb) - No matching endpoint found
[Dec 15 16:09:28] NOTICE[5255]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '"telefono1" <sip:telefono1@myserver.priv>' failed for '192.168.0.2:44128' (callid: 96bdc50c3e5f49dd9beab757172e2dcb) - No matching endpoint found
[Dec 15 16:09:28] NOTICE[5255]: res_pjsip/pjsip_distributor.c:676 log_failed_request: Request 'REGISTER' from '"telefono1" <sip:telefono1@myserver.priv>' failed for '192.168.0.2:44128' (callid: 96bdc50c3e5f49dd9beab757172e2dcb) - Failed to authenticate

pnirru · December 15, 2022, 4:12pm

Solution found…res_pjsip was loaded, now udp registration work…waiting for tls (solved!)

system · January 14, 2023, 4:12pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error reading CA certificates Asterisk SIP	10	1733	January 22, 2023
SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0 Asterisk SIP	1	1945	January 29, 2022
Pjproject Sporadic (?) SSL error Asterisk SIP	5	188	February 25, 2023
Asterisk 13 + TLS Asterisk SIP	7	468	July 2, 2023
Errors with tls Asterisk SIP	15	1615	October 20, 2022

Asterisk sip: tls doesn't work

Related topics