PJSIP SSL Method - Missing certificate

Reporting an Issue VitalPBX 4
1

Hello,

When I try to set SSL Method to anything but tlsv1_2, I get no certificate when I tried to connect. I also notice this error when I change SSL method

[2023-08-11 10:30:18] ERROR[5115]: pjproject: <?>: ssl0xaaaad2cf8c00 Error reading CA certificates from buffer

vpbx4:~# openssl s_client -connect localhost:5061
CONNECTED(00000003)
281473396357616:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:…/ssl/record/rec_layer_s3.c:1543:SSL alert number 80

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 283 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

If I set it back to tlsv1_2:

vpbx4:~# openssl s_client -connect localhost:5061
CONNECTED(00000003)
Can’t use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = R3
verify return:1
depth=0 CN = vpbx4 diofl net
verify return:1

Certificate chain
0 s:CN = vpbx4 diofl net
i:C = US, O = Let’s Encrypt, CN = R3
1 s:CN = vpbx4 diofl net
i:C = US, O = Let’s Encrypt, CN = R3
2 s:C = US, O = Let’s Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
4 s:O = Digital Signature Trust Co., CN = DST Root CA X3
i:O = Digital Signature Trust Co., CN = DST Root CA X3

Server certificate
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
subject=CN = vpbx4 diofl net

issuer=C = US, O = Let’s Encrypt, CN = R3

No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Shared Requested Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:Ed25519:Ed448:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 7371 bytes and written 388 bytes
Verification: OK

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 79BECA66BACF04A575B183FEEDA6F578B9E06E3EE94BDB7E7B9A9A9FAED6771C
Session-ID-ctx:
Master-Key: 7A39E38915DDEEAB3D1CE5CE861C9DEB1A2EB9CB6355F0FBEC8A96322079F578D6D5DE1C7773FB8B508D95F52E8574E2
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1691763633
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes