TLS 1-3 set on trunk but Client Hello stills shows TLS 1-2

Hi,

I’ve upgraded sipsettings to the latest version v17.0.6.9 which added tlsv1_3 to the GUI drop down as per my feature request but the tls ‘client hello’ from Freepbx still seems to show TLS version as 1.2

I’m running Freepbx v17

Is there something else I need to configure?

Thanks

Tony

A client hello with 1.3 will look like a 1.2 hello. Here’s a blog post with a walkthrough of the handshake:

https://commandlinefanatic.com/cgi-bin/showarticle.cgi?article=art080

Take a gander at the supported_versions extension specifically in the client hello.

Thanks I’ve take a look.
I’m registering to an Oracle SBC configured for either ‘compatibility’, which should negotiate to tls1.3 or just straight set to tls 1,3 and the trunk never registers and asterisk shows the following error:

[2024-10-03 11:39:42] WARNING[10748]: pjproject: <?>: SSL SSL_ERROR_SSL (Handshake): Level: 0 err: <167773200> <error:0A000410:SSL routines::sslv3 alert handshake failure> len: 0 peer: x.x.x.x:5061

You’ll need to look at the TLS Negotiation further then, including certificates, and see if the SBC can provide any further information too.

Thanks

thanks, getting somewhere. At TLS 1.2 there is a list of 28 ciphers but with TLS 1.3 there is only a list of 4 and I believe the SBC couldn’t agree on any of those