TLS PJSIP pjsip_transport_management.c: Shutting down transport 'TLS to

lbill · August 8, 2023, 7:31pm

Would anyone have a clue what this error is trying to tell me?
I setup extensions, they register on pjsip UDP without issues, but when I switch to TLS, I can’t register. I am using an IP Phone

I changed the PJSIP ports and adjusted firewall

My VitalPBX 4 is running on Debian 11 arm64



[2023-08-08 04:36:05] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:36:30] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:36:37] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:37:02] NOTICE[1284] res_pjsip/pjsip_transport_management.c: Shutting down transport 'TLS to X.X.X.X:11961' since no request was received in 32 seconds
[2023-08-08 04:37:08] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:37:34] NOTICE[1284] res_pjsip/pjsip_transport_management.c: Shutting down transport 'TLS to X.X.X.X:11962' since no request was received in 32 seconds
[2023-08-08 04:37:40] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:38:06] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:38:11] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:38:38] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:38:43] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:39:10] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:39:14] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:39:42] NOTICE[1284] res_pjsip/pjsip_transport_management.c: Shutting down transport 'TLS to X.X.X.X:11966' since no request was received in 32 seconds
[2023-08-08 04:39:46] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:40:14] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-08 04:40:17] WARNING[1268] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535

lbill · August 8, 2023, 7:36pm

lbill · August 8, 2023, 8:46pm

PitzKey · August 8, 2023, 11:01pm

It seems like you don’t use an FQDN with your TLS connection. Additionally, can you please share from what CA the SSL is from?

lbill · August 9, 2023, 4:54pm

I get the same error with FQDN, The certificate is from Let’s Encrypt

ipphone

certificate

hlev · August 9, 2023, 9:13pm

What Profile did you set for the extension? If you didn’t change anything it will be using the default PJSIP profile which is set to use UDP as transport and it will not work. You will need to create a new device profile, setting the transport to TLS and enabling the Media Encryption Protocol to be used DTLS or SDES

lbill · August 10, 2023, 12:22am

I created a new device profile with TLS transport and DTLS for media encryption
I am still getting and “Registration failed” in the logs:

WARNING[1239] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535

hlev · August 10, 2023, 4:18pm

Did you assign the new device profile to the extension you are using?

lbill · August 10, 2023, 4:31pm

Yes assigned the TLS profile to Ext 1000.

My network settings look kind if “bare” I would expect more settings there

hlev · August 10, 2023, 4:38pm

In the device profile, did you set the DTLS cert as well? I am not usign a deskphone but you acn see my softphone is registered and connected via TLS as you can see the little lock besides the status icon.

lbill · August 10, 2023, 4:48pm

yes the cert is selected.

I will try DES and report back

lbill · August 10, 2023, 4:53pm

I switched to SDES

] VERBOSE[140189] loader.c: Reloading module 'res_pjsip.so' (Basic SIP resource)
[2023-08-10 09:51:01] NOTICE[140190] sorcery.c: Type 'system' is not reloadable, maintaining previous values
[2023-08-10 09:51:08] WARNING[1239] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535

hlev · August 10, 2023, 4:57pm

This could be your Yealink phone not liking the LE cert on the server it happens with older firmwares from them. There is a setting in the phone that allows to toggle acceptthe certs from other sources not found in the cert store.

hlev · August 10, 2023, 4:59pm

lbill:

VERBOSE[140189] loader.c: Reloading module 'res_pjsip.so' (Basic SIP resource)
[2023-08-10 09:51:01] NOTICE[140190] sorcery.c: Type 'system' is not reloadable, maintaining previous values
[2023-08-10 09:51:08] WARNING[1239] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535

Now that I see that error, this seems to be on the server side fully. Is your LE cert set on the HTTP server?

lbill · August 10, 2023, 7:20pm

Is your LE cert set on the HTTP server?
Yes, I believe it is set on https:

I swapped the Yealink phones for a new one, but no difference between T21 and T31.
I will look for the toggle to accept certs

lbill · August 10, 2023, 7:32pm

I found the Security tab with “Trusted certificates”
“Only Accept Trusted Certificates” was Enabled.

After I toggled it to disabled :

disable

Phone registered !!

Thank you hlev, you are the best!!!

lbill · August 10, 2023, 7:37pm

This is how the log looks like after it registered

WARNING[1239] pjproject: SSL 6 [SSL_ERROR_ZERO_RETURN] (Read) ret: 0 len: 65535
[2023-08-10 12:26:37] VERBOSE[160709] res_pjsip_registrar.c: Added contact 'sip:1000@X.X.X.X.X:11971;transport=TLS;x-ast-orig-host=192.168.1.16:11971' to AOR '104' with expiration of 3600 seconds
[2023-08-10 12:26:37] VERBOSE[160709] res_pjsip/pjsip_configuration.c: Endpoint 104 is now Reachable
[2023-08-10 12:26:37] VERBOSE[160709] res_pjsip/pjsip_options.c: Contact 104/sip:1000@X.X.X.X.X:11971;transport=TLS;x-ast-orig-host=192.168.0.156:11971 is now Reachable. RTT: 15.722 msec