SSL problems (Handshake)

#1

Hello i’m trying to give acces via wss to Odoo and i think i’ve everythin up & running except the cert problems.
Steps i follow :

  1. Tutorial from asterisk to setup tls/wss
  2. Create certificates with the ast_tls_cert and having the .pem .crt .key files

[pjsip.conf]

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
cipher=ADH-AES128-SHA256
method=tlsv1

[http.conf]

servername=Asterisk
enabled=Yes
bindaddr=0.0.0.0
bindport=8088
tlsenable=yes          ; enable tls - default no.
tlsbindaddr=192.168.1.227:8089    ; address and port to bind to - default is bindaddr and port 8089.
;tlsdontverifyserver=yes
tlscertfile=/etc/asterisk/keys/asterisk.pem  ; path to the certificate file (*.pem) only.
;tlscafile=/etc/asterisk/keys/asterisk.crt
;tlsprivatekey=/etc/asterisk/keys/asterisk_key.pem    ; path to private key file (*.pem) only.
;tlsprivatekey=/etc/asterisk/keys/ca.pem

Here the tutorial seems to be not very clear as it requires in the key private a .pem file but the script does not create one.
Am i missing something there?

And when trying to connect through https://www.websocket.org/echo.html using
wss://<ip_address>:5061/ws
i’m getting in the console this errors
WARNING[21949]: pjproject: <?>: | SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337625269> len: 0 peer: 192.168.1.1:47932|
|—|---|
WARNING[21949]: pjproject: <?>: | SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337625269> len: 0 peer: 192.168.1.1:47934|

Also my local chrome have connection to it…

websocket-asterisk
websocket-asterisk.png860×86 8.11 KB

The error shown when i try an external connection:

asterisk-handshake-error
asterisk-handshake-error.png1805×54 20.1 KB

Can someone helps me with this?

Regards

#2

In your echo attempt you were using port 5061 instead of 8089. You can’t connect to port 5061 as that is for SIP TLS, not HTTPS Websocket.

#3

But if i change to port 8089, i’ve no answer to my asterisk.

Can you point me out what i’m doing wrong?
Thanks

#4

You’ll need to be more specific about what exactly you are wanting to do, what you’ve tried, and what you are expecting.

#5

I’m trying to connect Odoo which uses a wss://<ip_adrr>:<_port>/ws to connect to asterisk, but with no luck.
Internally everything works fine with calling extensions and also external connections with 3cx softphones to asterisk.
I think that my mistake is about the ssl certificates as i pointed above with the 2 .pem files required

#6

Is the certificate self signed? Does Odoo allow self signed certificates? What does it say when you try? Did you use the 8089 port and address? I should also add that I don’t believe Odoo has ever been tested against Asterisk over websockets.

#7

i create them following https://wiki.asterisk.org/wiki/display/AST/Configuring+Asterisk+for+WebRTC+Clients

To test the connection to wss://…/ws i use https://www.websocket.org/echo.html with the port 8089 but no reply from asterisk. If i change to 5061 the console replies with the handshake error.

#8

On connection Asterisk wouldn’t send anything. If it connected, then the websocket was successfully established.

#9

Thanks for your reply jcolp.
Answering your questions :

Is the certificate self signed?
The certificate is self signed, yes

Does Odoo allow self signed certificates?
It does

Did you use the 8089 port and address?
Yes i did, and this is the reply when i try it.

ERROR[21323]: tcptls.c:157 handle_tcptls_connection: Unable to set up ssl connection with peer '<ip_addr>:18994
iostream.c:538 ast_iostream_close: SSL_shutdown() failed: error:00000001:lib(0):func(0):reason(1), Internal SSL error
ERROR[21324]: iostream.c:633 ast_iostream_start_tls: Problem setting up ssl connection: error:00000001:lib(0):func(0):reason(1), Internal SSL

#10

What TLS version does Odoo support? What ciphers? Does it give you any indication of a problem? What version of OpenSSL is in use?