Bug#966636: asterisk: after upfgrade from buster, no sip connections succeed due to silent ls 1.3 requirement
Bernhard Schmidt
berni at debian.org
Fri Jul 31 22:46:14 BST 2020
Control: tags -1 confirmed
Hi,
> after upgrading the asterisk version from buster to testing, the pjsip channel no longer accepts any connections, due to:
>
> SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <337678594> <SSL routines-tls_early_post_process_client_hello-unsupported protocol>
>
> as it turns out, this is because the new asterisk version enforces a minimum tls version of 1.3, i.e., clients connecting with tls 1.2 (all of them for us, as this includes android) can no longer connect.
>
> There doesn't seem to be a way to confifgure this in pjsip.conf, at least not a documented way, and even drastic workarounds such as method=sslv23 do not help.
Confirmed. I will test with 16.12.0 and report the bug upstream if it is
still there.
method=tlsv1_2
seems to accept both TLSv1.2 and TLSv1.3 as a workaround.
Bernhard
More information about the Pkg-voip-maintainers
mailing list