Debugging TLS problems: Difference between revisions

From MiRTA PBX documentation
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 26: Line 26:


   update-crypto-policies --show
   update-crypto-policies --show
In pjsip.conf now you can use
  method=tlsv1_2
  cipher=DEFAULT,@SECLEVEL=1

Latest revision as of 20:42, 14 September 2024

There is a problem with CentOS 9 and TLS with Asterisk. These tools may help to identify the issue

List all the ciphers available

 openssl ciphers -v

Check the ciphers available on a SSL server

 openssl s_client -connect pbx.mirtapbx.com:5061 -cipher ALL

Check the protocols available on SSL server

 testssl.sh pbx.mirtapbx.com:5081

To check for the ciphers available on a client, dump the packets with tshark

 tshark -i eth0 -w /var/www/html/tls.pcap -s 1500 -f 'host 176.206.10.252 and port 5061'

And then process in wireshark using the ssl.handshake filter. Look for the Secure Socket Layer section

Enable LEGACY support

  update-crypto-policies --set LEGACY

Check support level

  update-crypto-policies --show

In pjsip.conf now you can use

 method=tlsv1_2
 cipher=DEFAULT,@SECLEVEL=1