SIP TLS Not Working, Asterisk 16.9.0

Home » Asterisk Users » SIP TLS Not Working, Asterisk 16.9.0
Asterisk Users 2 Comments

Hi,

I have problems with SIP via TLS. Asterisk works as a client. The TCP
connection is established, followed by a client hello from Asterisk to the server. The server sends Server Hello, Certificate, Server Key Exchange and Server Hello Done.

Than Asterisk sends back a Alert (Level: Fatal, Description Handshake Failure). The following line appears in the log:

ast_iostream_start_tls: Problem setting up ssl connection:
error:00000001:lib(0):func(0):reason(1), Internal SSL error

Asterisk version is 16.9.0, openssl is 1.1.1d-0+deb10u2 of debian Buster.

The configuration works with Asterisk 11.25 and openssl 1.0.1.

Any hints on how to find the error?

Best regards,

Karsten

2 thoughts on - SIP TLS Not Working, Asterisk 16.9.0

  • Hi Karsten,

    Something in that packet seems to be unacceptable for openssl 1.1.1d as it is compiled and configured for Buster.

    Certificate length, Digest algorithm, …

    You my change the system default settings at the bottom of
    “/etc/ssl/openssl.cnf”, restart asterisk and try again. Keep in mind that this will affect the whole server.


    Stefan Tichy ( asterisk3 at pi4tel dot de )

  • Hi Stefan,

    thanks a lot. It is working now.

    Best regards,

    Karsten

    Am Freitag, den 01.05.2020, 18:40 +0200 schrieb Stefan Tichy: