Chansip TLS 1.2

With TLS 1.0 and 1.1 depreciated we can no longer get TLS certs for those.
On ChanSip is the correct way to implement TLS 1.2 by doing tlsclientmethod=sslv23 in sip generaladditional config? and will that work?? The GUI doesn’t appear to change but is this the correct way to do it? and will freepbx versions suppor that?

This was documented back as far as 2016

tlsclientmethod=tlsv1 ; values include tlsv1, sslv3, sslv2.
; Specify protocol for outbound client connections.
; If left unspecified, the default is the general-
; purpose version-flexible SSL/TLS method (sslv23).
; With that, the actual protocol version used will
; be negotiated to the highest version mutually
; supported by Asterisk and the remote server, i.e.
; TLSv1.2. The supported protocols are listed at
; /docs/manmaster/man3/SSL_CTX_new.html
; SSLv2 and SSLv3 are disabled within Asterisk.
; Your distribution might have changed that list
; further.

Also has anyone experienced specific phones with older firmware that don’t support TLS 1.2?

SSLv anything is dead. TLSv1 is what is needed. As for phones that cant support 1.2 or current TLS, they wont work with TLSv1.2

Also, stop using chan_sip.

1 Like

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.