We are using a list of ciphers for ‘dtls_ciphers’ in our pjsip.conf file for every endpoint along with our ssl certificates.
Now that we are shifting to Realtime PJSIP, we used ‘Alembic’ to generate the Asterisk schema tables as described at: https://wiki.asterisk.org/wiki/display/AST/Setting+up+PJSIP+Realtime#SettingupPJSIPRealtime-ConfiguringODBC
But the ‘dtls_cipher’ variable in the ps_endpoints table has type varchar(200), so it cannot accept more than 200 characters. When I tried to remove a few ciphers (any of them), I got the error below and the call was declined.
ERROR[C-00000007]: res_rtp_asterisk.c:2863 __rtp_recvfrom: DTLS failure occurred on RTP instance ‘0x7f770c01a048’ due to reason ‘sslv3 alert handshake failure’, terminating
I am seeing two approaches here:
1. Remove all the ciphers and keep ‘ALL’, and let Asterisk decide which cipher to use. (I have tested this option.)
2. Alter the dtls_cipher variable in the ps_endpoints table to accept more than 200 chars.
Which will be the right option? Any suggestions would be highly appreciated.