Debugging TLS problems

From MiRTA PBX documentation

Latest revision as of 20:42, 14 September 2024

There is a problem with TLS in Asterisk on CentOS 9. These tools may help to identify the issue.

List all the ciphers available

 openssl ciphers -v

Check the ciphers available on an SSL server

 openssl s_client -connect pbx.mirtapbx.com:5061 -cipher ALL

Check the protocols available on an SSL server

 testssl.sh pbx.mirtapbx.com:5081

To check for the ciphers available on a client, dump the packets with tshark

 tshark -i eth0 -w /var/www/html/tls.pcap -s 1500 -f 'host 176.206.10.252 and port 5061'

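Then open the capture in Wireshark with the ssl.handshake filter (tls.handshake in Wireshark 3.0 and later) and look for the Secure Socket Layer section (named Transport Layer Security in those versions). The capture file sits under the web root, where anyone who can reach the web server can download it, so delete it once the analysis is done.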
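What to read out of the captured ClientHello, as an added example that is not part of the original page: a minimal Python parser that lists the protocol versions and cipher suites a client offers. It assumes the raw TLS record bytes have been copied out of the capture and that the ClientHello fits in one record; the function names, the partial name tables and the sample record are constructed for illustration.

```python
import struct

# Partial name tables (IANA registry values); unknown IDs are shown as hex.
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUITES = {0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}

def parse_client_hello(record: bytes) -> dict:
    """Offered versions and cipher suites of a ClientHello held in one TLS record."""
    if len(record) < 9 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body, pos = record[9:5 + rec_len], 0   # skip record header (5) + handshake header (4)

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]

    def u16() -> int:
        return int.from_bytes(take(2), "big")

    versions = [u16()]                     # legacy_version field
    take(32)                               # random
    take(take(1)[0])                       # session_id
    raw = take(u16())                      # cipher_suites, 2 bytes each
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    take(take(1)[0])                       # compression_methods
    if pos < len(body):                    # extensions are optional
        ext_len = u16()
        end = pos + ext_len
        while pos < end:
            ext_type, data = u16(), take(u16())
            if ext_type == 43 and data:    # supported_versions replaces legacy_version
                versions = [int.from_bytes(data[i:i + 2], "big")
                            for i in range(1, 1 + data[0], 2)]
    return {"versions": [VERSIONS.get(v, hex(v)) for v in versions],
            "suites": [SUITES.get(s, f"0x{s:04X}") for s in suites],
            "offers_tls12": 0x0303 in versions}

def sample_record() -> bytes:
    """Constructed ClientHello (not captured traffic): 3 suites, TLS 1.2 and 1.0 offered."""
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x06\xc0\x2f\x00\x2f\x00\x0a"
             + b"\x01\x00" + b"\x00\x09\x00\x2b\x00\x05\x04\x03\x03\x03\x01")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    print(parse_client_hello(sample_record()))
```

Comparing the returned suite list with the output of openssl ciphers -v on the server shows whether the two sides have any cipher in common.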

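Enable LEGACY support. This switches the system-wide crypto policy, so it applies to every application on the host that uses the system crypto libraries, not only to Asterisk

 update-crypto-policies --set LEGACY

Check support level

 update-crypto-policies --show

Crypto policies are read at application start-up, so a running Asterisk picks up the change only after a restart. In pjsip.conf you can now use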

 method=tlsv1_2
 cipher=DEFAULT,@SECLEVEL=1