Re: [asterisk-users] SIP TLS not working, Asterisk 16.9.0
Hi Stefan, thanks a lot. It is working now. Best regards, Karsten Am Freitag, den 01.05.2020, 18:40 +0200 schrieb Stefan Tichy: > Hi Karsten, > > > On Thu, Apr 30, 2020 at 05:50:39PM +0200, Karsten Wemheuer wrote: > > > > The server sends Server Hello, Certificate, Server Key > > Exchange and Server Hello Done. > Something in that packet seems to be unacceptable for openssl 1.1.1d > as it is compiled and configured for Buster. > > Certificate length, Digest algorithm, ... > > > You my change the system default settings at the bottom of > "/etc/ssl/openssl.cnf", restart asterisk and try again. Keep in > mind that this will affect the whole server. > > > > > -- > Stefan Tichy ( asterisk3 at pi4tel dot de ) > -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] SIP TLS not working, Asterisk 16.9.0
Hi Karsten, On Thu, Apr 30, 2020 at 05:50:39PM +0200, Karsten Wemheuer wrote: > The server sends Server Hello, Certificate, Server Key > Exchange and Server Hello Done. Something in that packet seems to be unacceptable for openssl 1.1.1d as it is compiled and configured for Buster. Certificate length, Digest algorithm, ... You my change the system default settings at the bottom of "/etc/ssl/openssl.cnf", restart asterisk and try again. Keep in mind that this will affect the whole server. -- Stefan Tichy ( asterisk3 at pi4tel dot de ) -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] SIP TLS not working, Asterisk 16.9.0
Hi, I have problems with SIP via TLS. Asterisk works as a client. The TCP connection is established, followed by a client hello from Asterisk to the server. The server sends Server Hello, Certificate, Server Key Exchange and Server Hello Done. Than Asterisk sends back a Alert (Level: Fatal, Description Handshake Failure). The following line appears in the log: ast_iostream_start_tls: Problem setting up ssl connection: error:0001:lib(0):func(0):reason(1), Internal SSL error Asterisk version is 16.9.0, openssl is 1.1.1d-0+deb10u2 of debian Buster. The configuration works with Asterisk 11.25 and openssl 1.0.1. Any hints on how to find the error? Best regards, Karsten -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
