Re: [Linphone-users] TLS handshake failiure

linphone-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Linphone-users] TLS handshake failiure

From:	Peio Rigaux
Subject:	Re: [Linphone-users] TLS handshake failiure
Date:	Tue, 14 Sep 2021 18:50:00 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.0

Hello.

By default we use our own rootca file embedded in linphone-sdk.

If you didn't modify it, there is a chance that Sectigo certs are not trusted by the root certificates we use, or that there is a configuration issue on the server side.

I updated the rootca 3 or 4 month ago, so this is not likely an update issue.

The quickest for you would be to pick a certificate from another provider, at least to test.

Regards,

Peio Rigaux
Junior DevOps Engineer
Belledonne Communications, the company behind Linphone
Linphone.org

Le 09/09/2021 à 00:59, Trent Creekmore a écrit :

FreePBX already sends the whole certificate chain. I have the latest Windows Phone client using it on another FreePBX system which gets updated certificates from Let's Encrypt every three months, and I have not had a single issue.

I also updated the client on Android to 4.5.2 from 4.5.1.

Not sure how to check the Android client to check "if the Sectigo RSA Domain Validation Secure Server CA is installed on the Android client."

I went ahead and connected by UDP for now, but would prefer to get TLS functioning.

Thanks.

On 9/8/21 11:13 AM, Dennis Filder wrote:

On Tue, Sep 07, 2021 at 04:22:18PM -0500, Trent Creekmore wrote:

Well, SSL is used for https.

In FreePBX it has a Certificate manager which allows the use of
certificates, not only for SSL in the PBX web interface, but also be used
for TLS in SIP..

As I have mentioned when first set up this TLS connection some months ago,
it was connecting. Certificate still valid.

I did not mention I am using Android client.

Here is more of the log (redacted a bit)

2021-09-07 14:06:08:999 [org.linphone/belle-sip] MESSAGE Trying to connect
to [TLS://::ffff:2myIP Address:5061]
(...)
2021-09-07 14:06:09:181 [org.linphone/belle-sip] ERROR Cannot connect to
[TLS://pbx.domain:5061]
2021-09-07 14:06:09:181 [org.linphone/belle-sip] MESSAGE
channel[0x784aec40]: entering state ERROR

Nothing here clues me in further. I can just reiterate:

* Check if the Sectigo RSA Domain Validation Secure Server CA is
   installed on the Android client and that the fingerprints are
   identical.

* Try if you can configure FreePBX to send the entire certificate
   chain.

* Beyond that you will have to look at the wire and/or try your luck
   with s_client.

Regards.

_______________________________________________
Linphone-users mailing list
Linphone-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/linphone-users

_______________________________________________
Linphone-users mailing list
Linphone-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/linphone-users

OpenPGP_0x99D28356FED78143.asc
Description: OpenPGP public key

OpenPGP_signature
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Linphone-users] TLS handshake failiure, Trent Creekmore, 2021/09/07
- [Linphone-users] TLS handshake failiure, Dennis Filder, 2021/09/07
  - Re: [Linphone-users] TLS handshake failiure, Trent Creekmore, 2021/09/07
    - [Linphone-users] TLS handshake failiure, Dennis Filder, 2021/09/08
    - Re: [Linphone-users] TLS handshake failiure, Trent Creekmore, 2021/09/08
    - Re: [Linphone-users] TLS handshake failiure, Peio Rigaux <=

Prev by Date: Re: [Linphone-users] Which C compiler and other tools are used in the Windows desktop build?
Next by Date: Re: [Linphone-users] [Linphone-developers] Announce: Linphone Desktop 4.3 spotted
Previous by thread: Re: [Linphone-users] TLS handshake failiure
Next by thread: Re: [Linphone-users] Contacts on an Android device
Index(es):
- Date
- Thread