Hi, for the last few days having issues with extensions using TLS.
My Bria and another extension using Bria cannot register. My phone says 408 timeout, the other Bria says ‘503 No Shared TLS Cipher’
Another remote extension using Bria has the following showing up in cli>
WARNING: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <336027900> len: 0 peer:
The Freepbx server has valid Sectigo SSL certificate for its FQDN. Certificate Management displays: Valid Until 2022-06-13 (135 days)
Deleted the certificate and noticed in /etc/asterisk/keys/integrations the 3 files were still present even though the certificate was deleted. Put back the certificate, key and ca-bundle in Certificate Management.
We have slightly different setup in that 5060/5061 = chan_sip and 5160/5161 = pjsip. I don’t see how that really would be causing this TLS issue.
SRTP seems to be working though.
Openssl connection attempt to PJSIP TLS port 5161
openssl s_client -showcerts -connect XX.XX.XX.XX:5161
140446832570816:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:…/ssl/record/rec_layer_s3.c:1528:SSL alert number 40
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Rrunning same openssl command but change to port 5061 it shows the certificate
openssl s_client -showcerts -connect xx.xx.xx.xx:5061
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
depth=0 CN = FQDN
0 s:CN = FQDN
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
Asterisk version: 18.6.0
PBX version: 12.7.8-2107-3.sng7
Thanks for any help with this issue.