Debugging TLS problems

From MiRTA PBX documentation
Revision as of 20:42, 14 September 2024 by Admin (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

There is a problem with CentOS 9 and TLS with Asterisk. These tools may help to identify the issue

List all the ciphers available 

 openssl ciphers -v

Check the ciphers available on a SSL server 

 openssl s_client -connect pbx.mirtapbx.com:5061 -cipher ALL

Check the protocols available on SSL server 

 testssl.sh pbx.mirtapbx.com:5081

To check for the ciphers available on a client, dump the packets with tshark 

 tshark -i eth0 -w /var/www/html/tls.pcap -s 1500 -f 'host 176.206.10.252 and port 5061'

And then process in wireshark using the ssl.handshake filter. Look for the Secure Socket Layer section

Enable LEGACY support 

  update-crypto-policies --set LEGACY

Check support level 

  update-crypto-policies --show

In pjsip.conf now you can use 

 method=tlsv1_2
 cipher=DEFAULT,@SECLEVEL=1
Retrieved from "http://www.mirtapbx.com/manual/index.php?title=Debugging_TLS_problems&oldid=1874"