How To Enable TLS Debugging Or Verbose Logging With Pjsip
Dear List
I try to get my clients to connect via TLS. First I did try Snom M9
phones. After looking at the Wireshark TLSv1 Handhake it became obvious, that the M9 only supports old RC4 and similar ciphers, that are not supported by openssl anymore.
So now I get my hands on a Cisco SPA112 ATA, which is also TLS capable and does support a very nice long cipher list.
I use the same key and cert as for my webserver, which runs on the same machine and thus has a valid CN in the cert. But anyway, the SPA112
does not check the Cert, as I found via google.
My transport looks like this:
[transport-tls]
type=transport protocol=tls bind=0.0.0.0:5061
cert_file=/etc/apache2/server.crt
priv_key_file=/etc/apache2/server.key
;cipher=ADH-AES256-SHA,ADH-AES128-SHA
method=tlsv1
tos=cs3
cos=3
allow_reload=yes
Wireshark states ‘TLSv1 Handshake Error’ from the Asterisk Server as soon as the client has sent it’s cipher list.
I have enabled core verbose and debug on the asterisk, but I see nothing.
Is there a way to enable some sort of tls debugging on asterisk or chan_pjsip?
PS: Side Question: Is there a way to specify media_encryption to be optional? I try to solve one step at the time 🙂
Mit freundlichen Grüssen
-Benoît Panizzon-
—
I m p r o W a r e A G – Leiter Commerce Kunden
One thought on - How To Enable TLS Debugging Or Verbose Logging With Pjsip
Well, when testing with:
$ openssl s_client -connect tls-host:5061
I get a successfull TLS handshake and connection.
So I suppose asterisk is configured correctly with TLS. I did re-check the cipher list and also this seems to match on the SPA112 and Asterisk.
So I am puzzled why the SPA112 cannot connect via TLS. Any hints?
Mit freundlichen Grüssen
-Benoît Panizzon-
—
I m p r o W a r e A G – Leiter Commerce Kunden