Cisco SPA504G doesn't connect through TLS/SRTP

wesley9946 · February 2, 2022, 10:43pm

Hi there,

I’m trying to connect my Cisco SPA504G to my FreePBX over TLS/SRTP, but it doesn’t register: “Failed (Not Reachable)”

This is what I see in asterisk -rvvv when the phone tries to register every 30 sec

WARNING[2326]: pjproject: <?>:                       SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol> len: 0

Settings applied on the Cisco phone:
SRTP method: s-descriptor
SIP Transport: TLS (with the TLS address of my FreePBX)
Secure Call: enabled

Does anybody know how to fix this?

billsimon · February 2, 2022, 11:07pm

“Unknown protocol” looks like a TLS version mismatch. How old is your phone’s firmware? What TLS version did you set on FreePBX?

wesley9946 · February 2, 2022, 11:10pm

The phone is running firmware version 7.6.2g, (released on Oct 28 2020) FreePBX has been set to TLS 1.2 with a Let’s Encrypt cert.

BlazeStudios · February 2, 2022, 11:25pm

Yeah but I dont think the SPA504G supports TLS 1.2 and LE ripped out anything less than that last year.

The old SPA devices will not work with current TLS certs/setups.

wesley9946 · February 2, 2022, 11:34pm

Yeah, I did see on Cisco’s product page about it that it was release in 2009 and that they still support it to this day what the hecc

So… I’m now eyeballing on a Yealink SIP-T33P

sorvani · February 4, 2022, 6:25pm

At least that model is not EoL.

system · February 11, 2022, 6:26pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.