Pjsip ssl method

Hello.
We use Asterisk 16 and have many TLS pjsip connections. When setting ssl method to tlsv1.2 in pjsip transport config, some obsolete hard phones cannot register with error in the log:
“WARNING[26644] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol len: 0 peer: 1.2.3.4:44392”

In other side, when ssl method set to default value (tlsv1.0) all phones are registered, but we don’t want to apply this method with its obsolete crypto suites for modern phones because of security reasons.
Is it possible to configure Asterisk ssl settings to use tlsv1.2, but provide availability for old crypto suites as well?

No idea at all? pjsip doesn’t support backward compatibility of crypto suites?

I’ve done some research on this a while ago and apparently it is not possible at the moment.

1 Like