Long short story…
I’ve never had a problem with certificate before, asterisk/freepbx working 5 years continuously. 
Suddenly a warning appeared. 
Setup: pjsip, privat cert, softphone zoiper, asterisk 16, freepbx 15
Please help! 
Screeshots below
To all:
As the softphone company start to use higher encryption… you start to get this error because asterisk does not compile with 256 by default.
make distclean
CFLAGS=‘-DENABLE_SRTP_AES_256’ ./configure
This fixed it for me.
John Bittner
CTO
380 US Highway 46, Suite 500
Totowa, NJ 07512
Phone: 201.806.2602 x2405
Fax: 201.806.2604
Cell: 973.390.1090
www.xaccel.net
CONFIDENTIALITY NOTICE:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information which should not be shared or forwarded. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the e-mail.
From “easy_sip via Asterisk Community” <notifications@asterisk.discoursemail.com>
To “John Bittner” <john@xaccel.net>
Date 11/25/2023 2:36:18 PM
Subject [Asterisk Community] [Asterisk] FIX Unsupported crypto suite AES WARNING
1 Like
Also had some issues with trunk providers using cipher not listed as default I just added in all that I needed.
cipher=ADH-AES256-SHA,ADH-AES128-SHA,ADH-AES128-SHA,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-SHA384,ECDHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA,ECDHE-RSA-AES128-SHA,AES256-GCM-SHA384,AES128-GCM-S HA256,AES256-SHA
John Bittner
CTO
380 US Highway 46, Suite 500
Totowa, NJ 07512
Phone: 201.806.2602 x2405
Fax: 201.806.2604
Cell: 973.390.1090
www.xaccel.net
CONFIDENTIALITY NOTICE:
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information which should not be shared or forwarded. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the e-mail.
From “John Bittner” <john@xaccel.net>
To “Asterisk Community” <incoming+053fe1018d483697aea1fe2e85ccc6fe@asterisk.discoursemail.com>
Date 11/25/2023 3:45:30 PM
Subject Re: [Asterisk Community] [Asterisk] FIX Unsupported crypto suite AES WARNING
1 Like
a) comand “make distclean” not working for me
b) i did not use CFLAGS=‘-DENABLE_SRTP_AES_256’ ./configure
(dont know how to)
c) i add “cipher=ADH-AES256-SHA,ADH-AES12…” to my pjsip_custom.conf
no change still getting WARNING
You’re using FreePBX which includes pre-built Asterisk. The “make” and “configure” comments were in regards to building Asterisk.
What is the actual problem here? Do these warnings prevent calls from setting up? What explicit version of Asterisk 16?
@jcolp Thanks for respond.
Asterisk 16.21.1
Freepbx 15.0.37.4
Zoiper Prem 2.21.11
LetsEncrypt TLS v1.2
Dongle x2
Im working on this setup for long long time, no problem.
Now i get warning, what i understand is “old ver” of my certificate. I’va make new certificate, no luck. warning.
44041 [2023-12-04 17:40:27] VERBOSE[22901][C-00000009] app_dial.c: Dongle/dongle0-0100000003 is making progress passing it to PJSIP/797787878-00000003
44042 [2023-12-04 17:40:27] VERBOSE[16911] res_srtp.c: Unsupported crypto suite: AES_256_CM_HMAC_SHA1_80
44043 [2023-12-04 17:40:27] WARNING[16911] res_pjsip_sdp_rtp.c: Ignoring crypto offer with unsupported parameters: 5 AES_256_CM_HMAC
Still this is a Warning, when i start calling i get error, asterisk skip this Warning and make normal call.
Nothing change on my site in soft and hardware 
EDIT: Asterisk is doing fine
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.