Debugging TLS problems

From MiRTA PBX documentation
Revision as of 19:28, 28 June 2024 by Admin (talk | contribs) (Created page with "There is a problem with CentOS 9 and TLS with Asterisk. These tools may help to identify the issue List all the ciphers available openssl ciphers -v Check the ciphers available on a SSL server openssl s_client -connect pbx.mirtapbx.com:5061 -cipher ALL Check the protocols available on SSL server testssl.sh pbx.mirtapbx.com:5081 To check for the ciphers available on a client, dump the packets with tshark tshark -i eth0 -w /var/www/html/tls.pcap -s 1500 -...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

There is a problem with CentOS 9 and TLS with Asterisk. These tools may help to identify the issue

List all the ciphers available 

 openssl ciphers -v

Check the ciphers available on a SSL server 

 openssl s_client -connect pbx.mirtapbx.com:5061 -cipher ALL

Check the protocols available on SSL server 

 testssl.sh pbx.mirtapbx.com:5081

To check for the ciphers available on a client, dump the packets with tshark 

 tshark -i eth0 -w /var/www/html/tls.pcap -s 1500 -f 'host 176.206.10.252 and port 5061'

And then process in wireshark using the ssl.handshake filter. Look for the Secure Socket Layer section

Retrieved from "http://www.mirtapbx.com/manual/index.php?title=Debugging_TLS_problems&oldid=1865"