search for: priv_key_file

...DSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 > -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- > AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem > priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem Thanks, it still says SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 Why does it even say ssl3 despite tlsv1_2 is set? Is there a w...

Hi, after switching from chan_sip to chan_pjsip, a device running Grandstream Wave leads to the following error message on the asterisk console: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:43357 Something with the encryption must have changed with asterisk. How can I get the device to

...NG[14733]: pjsip:0 <?>: tsx0x7f53a8008 Failed to send Request msg OPTIONS/cseq=31917 (tdta0x7f53c000dcb0)! err=120111 (Connection refused) someone has had good results with tls my config [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 cert_file=/etc/asterisk/keys/asterisk.crt priv_key_file=/etc/asterisk/keys/asterisk.key method=tlsv1 [XXXX] type=endpoint context=XX-Xip disallow=all allow=ulaw allow=alaw transport=transport-tls direct_media=no force_rport=yes rtp_symmetric=yes mailboxes=XXXX at default auth=XXXX aors=XXXX media_encryption=sdes dtmfmode=rfc4733 regardss -- rickygm...

...a sanity check of my pjsip.conf file, and what could be causing this. A test call form Twilio?s system hits the PBX (over TLS), but always says ?No matching endpoint found? in the asterisk log. pjsip.conf [transport-tls] type = transport protocol = tls bind = 0.0.0.0:5061 cert_file=cert_file priv_key_file=key_file method=tlsv1 external_media_address=X.Y.Z.D external_signaling_address=X.Y.Z.D verify_client=no verify_server=no allow_reload=yes [twilio](!) type=endpoint transport=transport-tls context=from-twilio disallow=all allow=ulaw dtmf_mode=inband media_encryption=sdes rtp_symmetric=yes rewrite_...

Hey guys,tried to make tls work with pjsip on asterisk 13.2.0 have compiled pjsip with ssl, added transport [tls] type=transport cert_file=/pbx/keys/server.crt ca_list_file=/pbx/keys/ca.key priv_key_file=/pbx/keys/server.key protocol=tls bind=192.168.1.4:5061 local_net=192.168.1.0/24 external_media_address=77.77.77.77 external_signaling_address=77.77.77.77 have configured Grandstream GXP1400 to use tis and srtp, server.crt and server.key uploaded to phone ubuntu*CLI> pjsip show transports Tra...

...HA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 >> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- >> AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 >> cert_file = /etc/letsencrypt/live/specialdomain.com/fullchain.pem >> priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem > Thanks, it still says > > > SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- > ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:54937 I guess I should have been more clear befo...

...point/context = ingressEasybell endpoint/media_encryption = sdes registration/contact_user = extenHW In pjsip.conf is only the transport: [transport-tls] type=transport protocol=tls bind=192.168.3.50:5061 ca_list_file=/etc/pki/tls/certs/ca-bundle.crt cert_file=/etc/asterisk/cert/newc/mycert.pem priv_key_file=/etc/asterisk/cert/newc/mykey.pem After I finally found out that 'pjsip send register *all' should re-register, I tried it while it was still registered, and it said "Re-register all queue". After that, it kept saying that all the registrations are now "Unregistered&quot...

...gt; 10.128.30.239.51126: UDP, length 182 Current pjsip.conf file [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 local_net=10.50.55.0/24 external_media_address=<scrubbed public ip> external_signaling_address=<scrubbed public ip> cert_file=/etc/asterisk/keys/dev1.crt priv_key_file=/etc/asterisk/keys/dev1.key ca_list_file=/etc/asterisk/keys/ca.crt cipher=AES256-SHA method=tlsv1 ;===============EXTENSION 6001 [6000] type=endpoint context=internal disallow=all allow=ulaw auth=auth6000 aors=6000 direct_media=no rewrite_contact=yes ; necessary if endpoint does not know/regis...

Hello, On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a way to enable HTTPS. Asterisk is running as asterisk:asterisk: asterisk 11097 0.3 6.7 741352 67984 ? Ssl 17:53 0:06 /usr/sbin/asterisk -g -f -p -U asterisk # cat /etc/asterisk/http.conf [general] servername=Asterisk enabled=yes bindaddr=0.0.0.0 bindport=8088 tlsenable=yes tlsbindaddr=0.0.0.0:8089

...=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-16 a=ptime:20 a=maxptime:150 a=sendrecv both phones SPA502, force_rport disabled for tls phone, here is my transports: [tls] type=transport ca_list_file=/pbx/keys/asterisk.pem cert_file=/pbx/keys/asterisk.crt priv_key_file=/pbx/keys/asterisk.key method=sslv23 protocol=tls bind=192.168.1.4:5061 external_media_address=8.8.8.8:5061 external_signaling_address=8.8.8.8:5061 [udp] type=transport protocol=udp bind=192.168.1.4 local_net=192.168.1.0/24 external_media_address=8.8.8.8 external_signaling_address=8.8.8.8 -------...

May I add I could successfully (if pjsip show transports has any meaning) add a PJSIP TLS-transport with: [transport-tls] type=transport protocol=tls bind=0.0.0.0:5061 cert_file=/etc/asterisk/keys/asterisk.crt priv_key_file=/etc/asterisk/keys/asterisk.key method=tlsv1 Le lun. 6 janv. 2020 à 18:33, Olivier <oza.4h07 at gmail.com> a écrit : > Hello, > > On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a > way to enable HTTPS. > Asterisk is running as asterisk:asterisk: &g...

...her        = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 cert_file     = /etc/letsencrypt/live/specialdomain.com/fullchain.pem priv_key_file = /etc/letsencrypt/live/specialdomain.com/privkey.pem Kind regards, Sean

...ier <oza.4h07 at gmail.com> a écrit : > May I add I could successfully (if pjsip show transports has any meaning) > add a PJSIP TLS-transport with: > > [transport-tls] > type=transport > protocol=tls > bind=0.0.0.0:5061 > cert_file=/etc/asterisk/keys/asterisk.crt > priv_key_file=/etc/asterisk/keys/asterisk.key > method=tlsv1 > > Le lun. 6 janv. 2020 à 18:33, Olivier <oza.4h07 at gmail.com> a écrit : > >> Hello, >> >> On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a >> way to enable HTTPS. >> Asteri...

Hi, how do I make a bug report? I filled in the form to make a report and https://issues.asterisk.org/jira/issues/?filter=-2 still shows no issues reported by me. If someone knows how to get asterisk to re-register when using pjsip after the registration shows as Rejected, like after the internet connection to the VOIP provider goes away (and comes back), please let me know. This bug makes

...as well, but for now I'll start with this. Asterisk is behind a shorewall firewall on a private natted network. It has a single interface eth0. Relevant pjsip.conf: [transport-tls-nat] type=transport protocol=tls method=sslv23 ;sslv23 enables tls1.2 because reasons cert_file=XXX ;removed priv_key_file=XXX ;removed bind=0.0.0.0:5061 external_media_address=x.x.x.x ;public ip external_signaling_address=x.x.x.x ;public ip local_net=192.168.0.0/16 [endpoint-common](!) type=endpoint context=users disallow=all allow=g722,ulaw,h264 dtmf_mode=info [endpoint-sdes](!) media_encryption=sdes [aor-common](...

...t : > >> May I add I could successfully (if pjsip show transports has any meaning) >> add a PJSIP TLS-transport with: >> >> [transport-tls] >> type=transport >> protocol=tls >> bind=0.0.0.0:5061 >> cert_file=/etc/asterisk/keys/asterisk.crt >> priv_key_file=/etc/asterisk/keys/asterisk.key >> method=tlsv1 >> >> Le lun. 6 janv. 2020 à 18:33, Olivier <oza.4h07 at gmail.com> a écrit : >> >>> Hello, >>> >>> On a newly re-installed Asterisk 16.7.0 on Debian Buster, I can't find a >>> way...

Well, what immediately stands out is: "FILE * open failed!" Have you triple checked that the full filepath is correct and that the user that Asterisk is running as has full permissions to access your valid certificate file? I have it working with microsip and a free TLS cert from LetsEncrypt. When I get to the PC with that on, I can write up what settings I've got if that helps?

...cert.pem cipher : cos : 0 domain : external_media_address : external_signaling_address : external_signaling_port : 0 local_net : method : tlsv1 password : priv_key_file : protocol : tls require_client_cert : No tos : CS0 verify_client : No verify_server : No And this is the relevant SIP data exchange (with public IP hidden): *CLI> <--- Received SIP request (24...