How to use TLS 1.2 instead of TLS 1.0/1.1?

I’m using FreePBX
Installed with newest December 2020 FreePBX ISO (STABLE SNG7-PBX-64bit-2011-5)

I’m using chan_sip trunk with Telnyx voip carrier, using TLS.

They sent me an email stating that they are deprecating TLS 1.0 and TLS 1.1 and that I need to switch to TLS 1.2 as they can see the connection is currently using either 1.0 or 1.1

What exactly do I need to change in FreePBX to make the connection use TLS 1.2 instead of 1.0/1.1?

Here is my chan_sip trunk outgoing settings:


And trunk incoming register string:

tls://xxxxxx:[email protected]:5061~300/xxxxxxxxx`

Settings > Asterisk SIP Settings > Chan PJSIP Settings > TLS/SSL/SRTP Settings > SSL Method > tlsv1_2

1 Like

That is pjsip. I’m using chan_sip. What is the method to change it in chan_sip?

Switching to chan_pjsip :slight_smile:


If that is the only option, I’ll do that. I’ve just always used chan_sip and it has always been solid.

This may be of interest:

I realize that link is about server connections, not client. But presumably if it can use TLS 1.3 as server, it can do the same as client.

BTW this is what I get when connecting to one of my PBXs with openssl. Strictly chan_sip, running Asterisk 16.6:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.