Grandstream GXP2135 not able to connect when choosing anything higher than TLS1.0

I have a GXP2135 which is working in TLS mode connecting to my FreePBX 18. But, it only works if I go into the phone interface and reduce the minimum version of TLS to 1.0. If I choose 1.1 or 1.2, the phone won’t register and I get errors on the pbx side similar to:
WARNING[2424] pjproject: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336130315> len: 0 peer: x.x.x.x

I’ve seen some posts that said changing the the TLS version from Default to 1.1 or 1.2 in Advanced can solve this, but didn’t for me.

I do not have CHAN_SIP installed (although it was enabled one point, I have made sure the ports don’t match pjsip)

PBX is built from OOB distro from Sangoma (around 3 months ago.) All updates applied.

Any thoughts on what my next troubleshooting step to bring the phone at least to 1.1 (1.2 preferred) would be appreciated.

  1. Check the TLS settings on your FreePBX server. Make sure that TLS 1.1 and 1.2 are enabled and that the server’s SSL certificate is valid and trusted by the phone. You can check this by running the following command on your FreePBX server: openssl s_client -connect <your-pbx-ip>:5061 -tls1_2. This will attempt to establish a TLS 1.2 connection to your PBX and display the server’s SSL certificate. If there are any errors or warnings, you may need to fix those before the phone can successfully connect using TLS 1.2.
  2. Check the TLS settings on your GXP2135 phone. Make sure that TLS 1.1 and 1.2 are enabled and that the phone’s SSL certificate is valid and trusted by the PBX. You can check this by going to the phone’s web interface and navigating to the “Security” section. Make sure that “Use TLS” is enabled and that the “Minimum TLS Version” is set to “TLSv1.1” or “TLSv1.2”. You may also need to import the PBX’s SSL certificate into the phone’s certificate store.
  3. Try using a different SIP client to connect to the PBX, such as Zoiper or X-Lite, to see if the problem is specific to the GXP2135 phone or if it is a more general issue with the PBX’s TLS configuration.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.