Cisco SPA504G doesn't connect through TLS/SRTP

Hi there,

I’m trying to connect my Cisco SPA504G to my FreePBX over TLS/SRTP, but it doesn’t register: “Failed (Not Reachable)”

This is what I see in asterisk -rvvv when the phone tries to register every 30 sec

WARNING[2326]: pjproject: <?>:                       SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> <SSL routines-SSL23_GET_CLIENT_HELLO-unknown protocol> len: 0

Settings applied on the Cisco phone:
SRTP method: s-descriptor
SIP Transport: TLS (with the TLS address of my FreePBX)
Secure Call: enabled

Does anybody know how to fix this?

“Unknown protocol” looks like a TLS version mismatch. How old is your phone’s firmware? What TLS version did you set on FreePBX?

The phone is running firmware version 7.6.2g, (released on Oct 28 2020) FreePBX has been set to TLS 1.2 with a Let’s Encrypt cert.

Yeah but I dont think the SPA504G supports TLS 1.2 and LE ripped out anything less than that last year.

The old SPA devices will not work with current TLS certs/setups.

Yeah, I did see on Cisco’s product page about it that it was release in 2009 and that they still support it to this day what the hecc :joy:

So… I’m now eyeballing on a Yealink SIP-T33P

At least that model is not EoL.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.