On Friday, January 24, 2020 6:25:48 PM CET Sean Bright wrote: > On 1/23/2020 6:04 PM, hw wrote: > >> This is what mine looks like which works just fine: > >> > >> [transport-tls] > >> type = transport > >> protocol = tls > >> method = tlsv1_2 > >> cipher = > >> ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES > >> 128 > >> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE- > >> RSA- AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > >> cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem > >> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem > > > > Thanks, it still says > > > > > > SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- > > ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 > > I guess I should have been more clear before - with the above settings > TLS works for other phones, I hadn't tried with Wave. > > I downloaded Wave for iOS and played around a bit and stumbled on a > working configuration. Wave seems to only support TLS 1.0 which is > problematic itself but it is what it is. > > I set up Asterisk 16 on a VM in AWS to test which you can try as well if > you like: > > Domain: sip.seanbright.com > Username: asterisk > Password: asterisk > > Calls are SRTP if offered, and the number dialed just needs to be 1 or > more digits. This is the configuration I ended up with: > > [transport-tls] > type = transport > protocol = tls > method = tlsv1 > cert_file = /etc/letsencrypt/live/sip.seanbright.com/fullchain.pem > priv_key_file = /etc/letsencrypt/live/sip.seanbright.com/privkey.pem > bind = 0.0.0.0:5061 > external_media_address = 52.91.86.158 > external_signaling_address = 52.91.86.158
Ok, I created a new certificate and it still doesn't work with your transport. Is Centos 7 too old to run asterisk on? Is the android device I'm using too old? Why did it work before changing from SIP to PJSIP? Do I need to do anything special when creating the certificate? -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users