We use Asterisk 16 and have many TLS pjsip connections. When setting ssl method to tlsv1.2 in pjsip transport config, some obsolete hard phones cannot register with error in the log:
“WARNING pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol len: 0 peer: 188.8.131.52:44392”
In other side, when ssl method set to default value (tlsv1.0) all phones are registered, but we don’t want to apply this method with its obsolete crypto suites for modern phones because of security reasons.
Is it possible to configure Asterisk ssl settings to use tlsv1.2, but provide availability for old crypto suites as well?