My certificate expired. I updated it as per this process:
admin > certificate mgmt > clicked “New certificate” > entered cert name and details > checked as default once created.
Then I did this:
settings > asterisk SIP settings > SIP Settings tab > select newly created cert in “certificate manager” drop down > submit
Shortly after this, all endpoints will now only connect via UDP and my logs are filled with this error:
WARNING[3382] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336109761> <SSL routines-ssl3_get_client_hello-no shared cipher>
My VOIP Trunk is configured with TLS and appears to be working fine; but all endpoints fail over TLS. All endpoints are Windows and Android softphones. This has been working fine for years until this certificate expiration / update issue.
Where can I see which ciphers are enabled and how can I change them? I am following hardening best practices listed here: https://sangomakb.atlassian.net/wiki/spaces/FCD/pages/9699445/FreePBX+Security+Best+Practices
My issue seems very similar to this one: Phones with TLS are not connecting
But the link in the solution no longer works (redirects to default sangoma page - https://sangomakb.atlassian.net/wiki/spaces/Phones/overview).
I found this- Hosted FreePBX Vultr - D65 TLS &SRTP Not Working - #11 by hgaibor but it is talking about changing the SSL Method from Default to tlsv1_2. Where / how can I do this?
Thanks to anyone who is able to help!