On 1/23/2020 6:04 PM, hw wrote:
This is what mine looks like which works just fine:
[transport-tls]
type = transport
protocol = tls
method = tlsv1_2
cipher =
ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128
-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-
AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256
cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem
priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem
Thanks, it still says
SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-
ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937
I guess I should have been more clear before - with the above settings
TLS works for other phones, I hadn't tried with Wave.
I downloaded Wave for iOS and played around a bit and stumbled on a
working configuration. Wave seems to only support TLS 1.0 which is
problematic itself but it is what it is.
I set up Asterisk 16 on a VM in AWS to test which you can try as well if
you like:
Domain: sip.seanbright.com
Username: asterisk
Password: asterisk
Calls are SRTP if offered, and the number dialed just needs to be 1 or
more digits. This is the configuration I ended up with:
[transport-tls]
type = transport
protocol = tls
method = tlsv1
cert_file = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem
priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem
bind = 0.0.0.0:5061
external_media_address = 52.91.86.158
external_signaling_address = 52.91.86.158
Hope that helps,
Sean
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
Check out the new Asterisk community forum at: https://community.asterisk.org/
New to Asterisk? Start here:
https://wiki.asterisk.org/wiki/display/AST/Getting+Started
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
