Cause of TLS Handshake failed when attemtpting to make TLS call

2
votes

I am attempting to make a secure call between two virtual machines using pjsua program from pjsip installation. I start the program on each node via :

pjsua-x86_64-unknown-linux-gnu --use-tls

I then enter m to make call and submit : sip:xxx.xxx.xx.x:5061;transport=TLS

On the receiving side I see : Handshake failed in accepting xxx.xxx.xx.x:58392: no shared cipher

On the dialing side I am seeing : Failed to send Request msg INVITE/cseq=17559 (tdta0x1ab89e0)! err=495040 (sslv3 alert handshake failure)

Can anyone help me to understand why this is happening?

1
sslopensslpjsip
What type of key is the server using? If its an EC key, then take a look at Elliptic Curve Cryptography | Named Curves. If you used domain parameters rather than an OID, then its the exact symptom of "no shared cipher".jww
I am new to all of this. What I am trying to do is trac.pjsip.org/repos/wiki/TLS but I don't know what a root certificate is or how to generate one.user2747139
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. Also see Where do I post questions about Dev Ops?.jww
It's a development question. I am not asking anything about Linux.user2747139

1 Answers

1
votes

Looks like there is a mismatch between the cipher configuration of the server(receiving side in your case) and client (dialing side in your case).

The error no shared cipher (alert 40) says that there is not at least any one of the cipher used by client available at the server side

You need to look into the call for SSL_CTX_set_cipher_list (If you are using OpenSSL) API on both the ends.

Try to configure the common cihpers on both client and server machines.

Some times you may get the same error (no chared cipher) for unavailability of the cipher which is used by public certificates. better verify the first step then verify your certificate algorithm.

I too had faced the similar problem for my client server configuration.

here is a reference:

"no shared cipher" error with python and OpenSSL