I have tried commenting and uncommenting the cipher parameters.
Now, when i try to connect to this platform through MicroSIP i don’t have any problem with Handshake, but im not sure if the softphone itself has a certificate.
Any ideas will be greatly appreciated
Warm Regards
On Wednesday 06 March 2024 at 20:53:08, Diego.Espinoza via Asterisk Community
wrote:
Dear Community,
I’ve been trying to connect to a SIP Registrar Platform through TLS
Transport, And one prequisite to connect to it was not to have a tls
certificate
Asterisk (No cert) >>>>(TLS)>>>>>> Platform
I can’t even work out what that means.
Please point to any documentation, RFC, standard or configuration guidelines,
for any application whatsoever, which explains using TLS without certificates.
At best, someone might be able to help you; at worst, I’ll be enlightened.
It’s possible to do it without a certificate either by generating a transient certificate (which the other end cannot validate), or by using a key exchange algorithm that doesn’t use certificates. The latter do exist, but I’m not sure if they are still considered safe, and, for both, I don’t know to what extent OpenSSL supports them, as I think most people use a cookbook approach to it, so don’t consider these edge cases.
I haven’t had to research this in enough detail to say more than the above.
Of course, what the OP might really mean is without an external CA.
(I think Diffie Hellman is certificateless.)
The OP should note that the key role for a certificate is to prevent a man in the middle attack; it is for authentication, not encryption.