Asteirsk 1.8 + TLS + SPA2102

Get help with installing, upgrading and running Asterisk.

Moderators: muppetmaster, Moderator, Support

Asteirsk 1.8 + TLS + SPA2102

Postby vois » Mon Dec 13, 2010 4:29 pm

Hi All,
I am trying to configure Asterisk 1.8.1 box with TLS. I followed the http://www.voip-info.org/wiki/view/SIP+TLS and i got all working. I am able to use TLS with softphones (phonelite) but when i am trying to use SPA2102 i am getting following error:
== Problem setting up ssl connection: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Dec 12 13:24:04 WARNING12803: tcptls.c:218 handle_tcptls_connection: FILE * open failed!

Some one please help me out. I need quick response, please help.
vois
Newsterisk
 
Posts: 30
Joined: Wed Mar 19, 2008 1:46 pm

Re: Asteirsk 1.8 + TLS + SPA2102

Postby malcolmd » Tue Dec 14, 2010 9:07 am

Howdy,

Try tlsv1 instead of the sslv3 as the TLS protocol that you configure on the SPA2102.
malcolmd
Moves Like Spencer
 
Posts: 2685
Joined: Wed Aug 03, 2005 3:53 pm
Location: Huntsville, AL, US

Re: Asteirsk 1.8 + TLS + SPA2102

Postby vois » Tue Dec 14, 2010 10:16 am

Thanks for your reply.

SPA2102 has only one option for TLS i can choose from under sip settings.

Image

Please suggest.
vois
Newsterisk
 
Posts: 30
Joined: Wed Mar 19, 2008 1:46 pm

Re: Asteirsk 1.8 + TLS + SPA2102

Postby malcolmd » Tue Dec 14, 2010 10:35 am

So the SPA2102 doesn't support TLSv1? Is there a firmware upgrade that offers this support?
malcolmd
Moves Like Spencer
 
Posts: 2685
Joined: Wed Aug 03, 2005 3:53 pm
Location: Huntsville, AL, US

Re: Asteirsk 1.8 + TLS + SPA2102

Postby malcolmd » Tue Dec 14, 2010 10:45 am

This thread:
https://cisco-support2.uat3.hosted.jive ... 021542.pdf

Indicates some problem with the SPA2102 in supporting SRTP for non-Cisco equipment. This is not TLS support, but it points to the SPA2102 not being a good device for secure calling, since enabling TLS without SRTP isn't totally effective - your calls are still vulnerable to snooping by anyone who captures the RTP.

Cheers.
malcolmd
Moves Like Spencer
 
Posts: 2685
Joined: Wed Aug 03, 2005 3:53 pm
Location: Huntsville, AL, US

Re: Asteirsk 1.8 + TLS + SPA2102

Postby vois » Tue Dec 14, 2010 1:01 pm

thanks for your help. I got it fixed, i commented ;tlscipher=DES-CBC3-SHA in sip.conf and SPA2102 is working with tlsv1. We traced the packets also, server and SPA can communicate with using TLS.

If any one need SPA2102 working with asterisk + TLS, please follow link i posted in my first post but just do not add tlscipher=DES-CBC3-SHA or comment it out.
Last edited by vois on Tue Dec 14, 2010 2:49 pm, edited 3 times in total.
vois
Newsterisk
 
Posts: 30
Joined: Wed Mar 19, 2008 1:46 pm

Re: Asteirsk 1.8 + TLS + SPA2102

Postby malcolmd » Tue Dec 14, 2010 1:10 pm

Good to know, thanks. :)
malcolmd
Moves Like Spencer
 
Posts: 2685
Joined: Wed Aug 03, 2005 3:53 pm
Location: Huntsville, AL, US


Return to Asterisk Support

Who is online

Users browsing this forum: No registered users and 31 guests