Pjsip ssl method

Serp · November 2, 2022, 7:35am

Hello.
We use Asterisk 16 and have many TLS pjsip connections. When setting ssl method to tlsv1.2 in pjsip transport config, some obsolete hard phones cannot register with error in the log:
“WARNING[26644] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol len: 0 peer: 1.2.3.4:44392”

In other side, when ssl method set to default value (tlsv1.0) all phones are registered, but we don’t want to apply this method with its obsolete crypto suites for modern phones because of security reasons.
Is it possible to configure Asterisk ssl settings to use tlsv1.2, but provide availability for old crypto suites as well?

Serp · November 2, 2022, 4:38pm

No idea at all? pjsip doesn’t support backward compatibility of crypto suites?

flole · November 2, 2022, 7:34pm

I’ve done some research on this a while ago and apparently it is not possible at the moment.

system · December 2, 2022, 7:35pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.