search for: tlsv1_2

...> cert_file = /etc/asterisk/cert/asterisk.pem > > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > > method = sslv23 > > This is what mine looks like which works just fine: > > [transport-tls] > type = transport > protocol = tls > method = tlsv1_2 > cipher = > ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 > -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- > AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 > cert_file = /etc/letsencrypt/live/sp...

Hi, after switching from chan_sip to chan_pjsip, a device running Grandstream Wave leads to the following error message on the asterisk console: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines- ssl3_get_client_hello-no shared cipher> len: 0 peer: 10.10.20.29:43357 Something with the encryption must have changed with asterisk. How can I get the device to

Hello Steve, use the following configuration for the transport and bind this transport to the trunk: [transport_name] type=transport protocol=tls bind=192.168.13.24 ; your bind IP ca_list_file=/etc/pki/tls/certs/ca-bundle.crt ; method=tlsv1_2 verify_server=yes allow_reload=no ;tos=0xb8 ;cos=3 external_media_address=your.ext.host.name ; hostname pointing to your ext. IP external_signaling_address=your.ext.host.name ; hostname pointing to your ext. IP local_net=192.168.0.0/24 # your local net Regards Michael On 07.04.23 at 17:25 Stev...

...r wrote: > Hello Steve, > > use the following configuration for the transport and bind this > transport to the trunk: > > [transport_name] > type=transport > protocol=tls > bind=192.168.13.24 ; your bind IP > ca_list_file=/etc/pki/tls/certs/ca-bundle.crt > ; method=tlsv1_2 > verify_server=yes > allow_reload=no > ;tos=0xb8 > ;cos=3 > external_media_address=your.ext.host.name ; hostname pointing to your > ext. IP > external_signaling_address=your.ext.host.name ; hostname pointing to > your ext. IP > local_net=192.168.0.0/24 # your local net...

...tls > bind = 0.0.0.0:5061 > tos = cs5 > cert_file = /etc/asterisk/cert/asterisk.pem > ca_list_file = /etc/pki/tls/certs/ca-bundle.crt > method = sslv23 This is what mine looks like which works just fine: [transport-tls] type          = transport protocol      = tls method        = tlsv1_2 cipher        = ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 cert_file     = /etc/letsencrypt/live/specialdomain.com/fullchain....

On 1/23/2020 6:04 PM, hw wrote: >> This is what mine looks like which works just fine: >> >> [transport-tls] >> type = transport >> protocol = tls >> method = tlsv1_2 >> cipher = >> ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128 >> -GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA- >> AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 >> cert_file = /etc...

I want to configure communication with my phone provider using TLS for all the obvious reasons. Since I'm behind a firewall, I'll be needing to do it with NAT. There are examples of UDP plus NAT in pjsip.conf, but none for TLS plus NAT. Would it be correct to set up the TLS transport stanza to look like the [transport-udp-nat] stanza example, replacing UDP with TLS in lines like

On Fri, 16 Sep 2022, Jim Klimov via Nut-upsuser wrote: > Hello all, > ? Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate > database' message? How should upsc be used in order to get SSL/TLS protection? There is no configuration file with a CERTFILE declaration. Is there some other way

On Fri, 16 Sep 2022, Jim Klimov via Nut-upsuser wrote: > Hello all, > ? Here's a PR I want to ask community about: should NUT clients like upsc report (log!) or hide the infamous 'Init SSL without certificate > database' message? How should upsc be used in order to get SSL/TLS protection? There is no configuration file with a CERTFILE declaration. Is there some other way