asterisk users - Feb 2018 - How to enable TLS debugging or verbose logging with pjsip

Dear List

I try to get my clients to connect via TLS. First I did try Snom M9
phones. After looking at the Wireshark TLSv1 Handhake it became
obvious, that the M9 only supports old RC4 and similar ciphers, that are
not supported by openssl anymore.

So now I get my hands on a Cisco SPA112 ATA, which is also TLS capable
and does support a very nice long cipher list.

I use the same key and cert as for my webserver, which runs on the same
machine and thus has a valid CN in the cert. But anyway, the SPA112
does not check the Cert, as I found via google.

My transport looks like this:

[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/apache2/server.crt     
priv_key_file=/etc/apache2/server.key 
;cipher=ADH-AES256-SHA,ADH-AES128-SHA
method=tlsv1
tos=cs3
cos=3
allow_reload=yes

Wireshark states 'TLSv1 Handshake Error' from the Asterisk Server as
soon as the client has sent it's cipher list.

I have enabled core verbose and debug on the asterisk, but I see
nothing.

Is there a way to enable some sort of tls debugging on asterisk or
chan_pjsip?

PS: Side Question: Is there a way to specify media_encryption to be
optional? I try to solve one step at the time :-)

Mit freundlichen Gr?ssen

-Beno?t Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

Well, when testing with:

$ openssl s_client -connect tls-host:5061

I get a successfull TLS handshake and connection.

So I suppose asterisk is configured correctly with TLS.
I did re-check the cipher list and also this seems to match on the
SPA112 and Asterisk.

So I am puzzled why the SPA112 cannot connect via TLS. Any hints?

Mit freundlichen Gr?ssen

-Beno?t Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________