dave432
December 23, 2022, 3:14pm
1
Hi,
I’m trying to configure encrypted communication but I received an error:
[Dec 23 13:54:09] ERROR[47786]: pjproject: <?>: ssl0x5651633c2c20 Error reading CA certificates from buffer
[Dec 23 13:54:10] WARNING[47786]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0 peer: 172.30.0.121:52836
[Dec 23 13:54:35] WARNING[47786]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0 peer: 172.30.0.121:52837
My pjsip.conf file:
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/ssl/sip.crt
priv_key_file=/etc/asterisk/ssl/sip_private_key.pem
cipher=ALL
method=tlsv1_2
[endpoint-internal-d70](!)
type = endpoint
context = phones
allow = !all,g722,ulaw
direct_media = no
trust_id_outbound = yes
;device_state_busy_at = 1
;transport = transport-tls
dtmf_mode = rfc4733
media_encryption=sdes
[auth-userpass](!)
type = auth
auth_type = userpass
[aor-single-reg](!)
type = aor
max_contacts = 1
You haven’t provided any! (ca_list_*)
dave432
December 23, 2022, 3:45pm
3
Thank you, but this error remains:
[Dec 23 13:54:10] WARNING[47786]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0 peer: 172.30.0.121:52836
dave432
December 23, 2022, 5:06pm
5
Thank you, but this error remains:
[Dec 23 13:54:10] WARNING[47786]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0 peer: 172.30.0.121:52836
What can cause it?
From Wireshark:
No ciphers in common. Your trace doesn’t say which ciphers are being offered, even though, at that point, the connection will be in the clear.
dave432
December 23, 2022, 5:35pm
7
Like that?:
cipher=TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305
method=tlsv1_2
The following should tell you how to find the ciphers your system can support (note the examples are for a different TLS version). It also mentions another reason for no matching ciphers.
Hi all!
Trying to migrate from chan_sip to pjsip.
I’m having trouble getting tls to run with pjsip.
I’m using Asterisk 13.19.2 with pjsip 2.7.1 under gentoo (built with --with-pjproject-bundled) using openssl-1.0.2n .
TLS is working for all my devices under chan_sip (Handshake converges to TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA cipher suite)
TLSv1 handshake fails with pjsip for all my devices (I’m trying to debug with CSipSimple 1.02.03)
I see TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA offered in CSipS…
dave432
December 23, 2022, 5:44pm
9
Unfortunately, I received a new error:
SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336151576> <SSL routines-ssl3_read_bytes-tlsv1 alert unknown ca> len: 0 peer: 172.30.0.130:56277
Your ca_list_file doesn’t contain the certificate for the CA that signed the client’s certificate.
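As an added example (not written by any poster in this thread and not Asterisk or pjproject code), the following Python triages the pjproject log lines quoted above by unpacking the numeric OpenSSL error code, which shows whether a handshake failure was raised locally or arrived as a TLS alert from the peer. It assumes the OpenSSL 1.x error packing (library << 24 | function << 12 | reason); the function names and the embedded sample log are constructed for illustration.

```python
import re

# Constructed sample: pjproject log lines as quoted in this thread.
SAMPLE_LOG = """\
[Dec 23 13:54:09] ERROR[47786]: pjproject: <?>: ssl0x5651633c2c20 Error reading CA certificates from buffer
[Dec 23 13:54:10] WARNING[47786]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337092801> <SSL routines-tls_post_process_client_hello-no shared cipher> len: 0 peer: 172.30.0.121:52836
SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336151576> <SSL routines-ssl3_read_bytes-tlsv1 alert unknown ca> len: 0 peer: 172.30.0.130:56277
"""

# err: <code> <library-function-reason> ... peer: ip:port
HANDSHAKE_RE = re.compile(
    r"err: <(?P<code>\d+)> <(?P<lib>[^-]+)-(?P<func>[^-]+)-(?P<reason>[^>]+)>"
    r".*?peer: (?P<peer>[\d.]+):(?P<port>\d+)"
)
# OpenSSL reports a fatal alert received from the peer as reason 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000


def decode_openssl_error(code):
    """Unpack (library, function, reason); assumes the OpenSSL 1.x layout."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(log_text):
    """Return one finding per TLS-related log line (hypothetical helper)."""
    findings = []
    for line in log_text.splitlines():
        if "Error reading CA certificates" in line:
            findings.append({"kind": "ca_load_failed", "origin": "local"})
            continue
        m = HANDSHAKE_RE.search(line)
        if m is None:
            continue
        _lib, _func, reason = decode_openssl_error(int(m["code"]))
        from_peer = reason >= SSL_AD_REASON_OFFSET
        findings.append({
            "kind": "handshake_failed",
            "peer": m["peer"],
            "reason": m["reason"],
            "reason_num": reason,
            # A peer alert means the remote side rejected the handshake.
            "origin": "peer" if from_peer else "local",
            "alert": reason - SSL_AD_REASON_OFFSET if from_peer else None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the lines from this thread, the "no shared cipher" entry decodes as raised locally while processing the ClientHello, and "tlsv1 alert unknown ca" decodes as alert 48 received from the peer.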
system
Closed
January 22, 2023, 6:35pm
11
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.