Last updated: 2026-06-25
Asterisk TLS/SSL Configuration Guide
This guide provides recommended TLS/SSL settings for Asterisk PBX to encrypt SIP signaling traffic. Securing VoIP communications with TLS prevents eavesdropping on call setup and authentication credentials.
Prerequisites
- Asterisk 20 or later (with PJSIP, which is the recommended SIP channel driver); Asterisk 22 is the current LTS and Asterisk 20 is nearing the end of its full support window
- OpenSSL 1.1.1 or later
- SSL certificates (server certificate, private key, and CA certificate)
Certificate Setup
Asterisk needs a certificate and private key for TLS. You can use certificates from a CA like Let's Encrypt, or generate self-signed certificates for internal use.
Combine your certificate and private key if needed (Asterisk often expects a combined PEM file):
cat /etc/asterisk/keys/cert.pem /etc/asterisk/keys/privkey.pem > /etc/asterisk/keys/asterisk.pem
chmod 640 /etc/asterisk/keys/asterisk.pem
chown root:asterisk /etc/asterisk/keys/asterisk.pem
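As an added check for the combined file produced by the commands above (example code written for this guide, not part of Asterisk), the script below confirms that the PEM contains a certificate block and exactly one private-key block, that every block is well-formed base64, and that the "other" read bit is clear. The sample files it writes are constructed placeholders, not real key material; the 0640 mode mirrors the chmod above, and the root:asterisk ownership is assumed but not checked.

```python
"""Check the combined PEM built in the Certificate Setup step.

Added example, not part of Asterisk: confirms the file holds at least one
CERTIFICATE block and exactly one PRIVATE KEY block, that every block is
well-formed base64, and that the key material is not world-readable.
"""
import base64
import binascii
import os
import re
import stat
import tempfile

# One PEM block: BEGIN label, base64 body, END with the same label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.S)


def pem_blocks(text):
    """Return (label, der_bytes) for each PEM block; raise ValueError on bad base64."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        label, body = m.group(1), m.group(2)
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            raise ValueError(f"{label} block is not valid base64")
        blocks.append((label, der))
    return blocks


def check_combined_pem(path):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # The guide sets 0640 root:asterisk; any 'other' read bit exposes the key.
    if mode & stat.S_IROTH:
        findings.append(f"world-readable (mode {mode:04o}); private key is exposed")
    with open(path) as fh:
        text = fh.read()
    try:
        labels = [label for label, _ in pem_blocks(text)]
    except ValueError as exc:
        return findings + [str(exc)]
    certs = [l for l in labels if l.endswith("CERTIFICATE")]
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]  # also matches RSA/EC PRIVATE KEY
    if not certs:
        findings.append("no CERTIFICATE block found")
    if len(keys) != 1:
        findings.append(f"expected exactly one PRIVATE KEY block, found {len(keys)}")
    return findings


def fake_block(label, payload):
    """Build a syntactically valid PEM block around constructed bytes (not real key material)."""
    b64 = base64.b64encode(payload).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def demo():
    """Write a compliant and a non-compliant sample into a temp dir and check both."""
    d = tempfile.mkdtemp()
    good = os.path.join(d, "asterisk.pem")  # cert + key, mode 0640 as in the guide
    with open(good, "w") as fh:
        fh.write(fake_block("CERTIFICATE", b"constructed cert placeholder"))
        fh.write(fake_block("PRIVATE KEY", b"constructed key placeholder"))
    os.chmod(good, 0o640)
    bad = os.path.join(d, "cert-only.pem")  # key forgotten, and left world-readable
    with open(bad, "w") as fh:
        fh.write(fake_block("CERTIFICATE", b"constructed cert placeholder"))
    os.chmod(bad, 0o644)
    return {"good": check_combined_pem(good), "bad": check_combined_pem(bad)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result or "OK")
```

Run it against the real file with check_combined_pem("/etc/asterisk/keys/asterisk.pem"); it does not prove the certificate and key belong together (openssl can do that), only that the file is shaped and protected the way Asterisk expects.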
PJSIP TLS Transport Configuration
PJSIP is the modern SIP channel driver in Asterisk and is recommended over the legacy chan_sip. Configure a TLS transport in pjsip.conf.
Transport Settings
[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5061
; Certificate files
cert_file = /etc/asterisk/keys/asterisk.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
ca_list_file = /etc/asterisk/keys/ca.crt
; TLS method - tlsv1_2 sets the minimum version
; When using OpenSSL 1.1.1+, TLS 1.3 is also available
method = tlsv1_2
; Cipher suites (OpenSSL format)
cipher = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
; Verify remote certificates
verify_server = yes
verify_client = no
A PJSIP transport binds to a single address family, so a transport bound to 0.0.0.0 listens on IPv4 only. For dual-stack, define a second TLS transport bound to [::] for IPv6:
[transport-tls-v6]
type = transport
protocol = tls
bind = [::]:5061
; Certificate files
cert_file = /etc/asterisk/keys/asterisk.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
ca_list_file = /etc/asterisk/keys/ca.crt
method = tlsv1_2
cipher = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
verify_server = yes
verify_client = no
Configuration Explained
- protocol = tls - Enables TLS for this transport. SIP over TLS uses port 5061 by default.
- method = tlsv1_2 - Sets the minimum TLS protocol version. With OpenSSL 1.1.1+, both TLS 1.2 and TLS 1.3 are available.
- cipher - Restricts the allowed cipher suites to strong AEAD ciphers with forward secrecy.
- verify_server = yes - Verifies the server certificate when making outbound connections. Requires a valid ca_list_file.
- verify_client = no - Set to yes if you want to require client certificates for mutual TLS authentication.
See RFC 8446 §4.3.2 for the TLS Certificate Request specification, and Wikipedia: Mutual authentication for a general overview.
PJSIP Endpoint Configuration
Configure endpoints to use the TLS transport:
[my-trunk]
type = endpoint
transport = transport-tls
context = from-trunk
disallow = all
allow = ulaw
allow = alaw
media_encryption = sdes
; ... other endpoint settings
The media_encryption = sdes setting enables SRTP for encrypting the audio stream in addition to the SIP signaling. Other options include:
- no - No media encryption
- sdes - SDES key exchange for SRTP (most common)
- dtls - DTLS-SRTP key exchange (more secure, but less widely supported)
SRTP for Media Encryption
TLS only encrypts SIP signaling (call setup). To encrypt the actual audio/media, enable SRTP. With PJSIP, set media_encryption on the endpoint as shown above.
For mandatory SRTP (reject unencrypted media):
[my-endpoint]
type = endpoint
media_encryption = sdes
media_encryption_optimistic = no
Setting media_encryption_optimistic = no means the call will fail if SRTP cannot be negotiated, rather than falling back to unencrypted RTP.
Legacy chan_sip Configuration
If you are still using the legacy chan_sip driver (not recommended for new deployments), configure TLS in sip.conf:
[general]
tlsenable = yes
tlsbindaddr = 0.0.0.0:5061
tlscertfile = /etc/asterisk/keys/asterisk.pem
tlsprivatekey = /etc/asterisk/keys/privkey.pem
tlscafile = /etc/asterisk/keys/ca.crt
tlscipher = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
tlsclientmethod = tlsv1_2
Note: tlsbindaddr = 0.0.0.0:5061 binds the IPv4 wildcard only. chan_sip accepts a single tlsbindaddr, so a single instance cannot bind both an IPv4 and an IPv6 wildcard for TLS; bind tlsbindaddr = [::]:5061 to serve IPv6 (which on most systems also accepts IPv4-mapped clients) or migrate to PJSIP for proper dual-stack with two transports.
Note: chan_sip was removed in Asterisk 21 and is not available in Asterisk 21 or later. New installations should use PJSIP.
Complete PJSIP Example
A minimal pjsip.conf with TLS and SRTP:
; TLS transport
[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5061
cert_file = /etc/asterisk/keys/asterisk.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
ca_list_file = /etc/asterisk/keys/ca.crt
method = tlsv1_2
cipher = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
verify_server = yes
verify_client = no
; IPv6 TLS transport (second transport for dual-stack)
[transport-tls-v6]
type = transport
protocol = tls
bind = [::]:5061
cert_file = /etc/asterisk/keys/asterisk.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
ca_list_file = /etc/asterisk/keys/ca.crt
method = tlsv1_2
cipher = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
verify_server = yes
verify_client = no
; SIP trunk with TLS and SRTP
[my-provider]
type = endpoint
transport = transport-tls
context = from-external
disallow = all
allow = ulaw
allow = alaw
media_encryption = sdes
media_encryption_optimistic = no
[my-provider]
type = aor
contact = sip:sip.provider.example.com:5061\;transport=tls
[my-provider]
type = identify
endpoint = my-provider
match = sip.provider.example.com
Security Notes
The cipher suite and protocol configuration in this guide addresses the following known TLS vulnerabilities:
- POODLE (CVE-2014-3566, 2014): SSL 3.0 is disabled. TLS_FALLBACK_SCSV was added in OpenSSL 1.0.1j / 1.0.2 (October 2014); SSL 3.0 disabled by default in OpenSSL 1.1.0 (August 2016).
- BEAST (CVE-2011-3389, 2011): Mitigated by recommending TLS 1.2 as the minimum; AEAD-only ciphers eliminate the CBC padding oracle.
- CRIME (CVE-2012-4929, 2012): TLS compression is off by default in OpenSSL 1.1.0+; do not enable it.
- Lucky13 (2013): AEAD-only cipher list eliminates CBC padding timing side-channels entirely.
- FREAK (CVE-2015-0204, 2015): EXPORT-grade ciphers are excluded. Removed from OpenSSL 1.1.0 (August 2016).
- LOGJAM (CVE-2015-4000, 2015): Short-key DHE is excluded; only ECDHE key exchange is recommended.
- Sweet32 (CVE-2016-2183, 2016): 3DES is excluded from the cipher string.
- ROBOT (2017): Static RSA key exchange is excluded; only ECDHE is recommended.
- Downgrade attacks: TLS_FALLBACK_SCSV prevents protocol version rollback.
The following are not addressable through TLS configuration alone:
- Heartbleed (CVE-2014-0160, 2014): A memory disclosure bug in OpenSSL 1.0.1 through 1.0.1f. Fixed in OpenSSL 1.0.1g (April 7, 2014). Addressed by patching OpenSSL, not by TLS configuration.
- BREACH (CVE-2013-3587, 2013): Not applicable. BREACH targets HTTP-level response compression; SIP/TLS signaling does not involve HTTP response compression.
- DROWN (CVE-2016-0800, 2016): Requires SSLv2 to be enabled on any server sharing the same private key. Ensure SSLv2 is disabled on all services that use the same certificate and key pair.
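To check a real pjsip.conf against the settings this guide recommends (the transport options explained above, mandatory SRTP on endpoints, and the cipher rationale in these Security Notes), here is an added example: a small audit script written for this guide, not tooling from the Asterisk project. It parses the pjsip.conf format itself, including the \; escape used in the trunk's contact URI, and runs over a constructed sample that pairs the guide's recommended transport and trunk with a deliberately weak transport and endpoint. The cipher check applies the guide's rule (ECDHE key exchange and AEAD suites only) by name pattern; it does not consult OpenSSL, and it covers OpenSSL's TLS 1.2-style cipher names rather than TLS 1.3 ciphersuite names.

```python
"""Audit pjsip.conf transports and endpoints against this guide's TLS/SRTP advice.

Added example, not Asterisk tooling. Parses the [section] / key = value format,
honouring ';' comments and the '\\;' escape used in contact URIs, and reports
settings that fall short of the recommendations in the guide.
"""
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]")


def strip_comment(raw):
    """Drop an unescaped ';' comment; turn the '\\;' escape into a literal ';'."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw) and raw[i + 1] == ";":
            out.append(";")
            i += 2
            continue
        if raw[i] == ";":
            break
        out.append(raw[i])
        i += 1
    return "".join(out)


def parse_pjsip_conf(text):
    """Return a list of sections: dict of key -> [values] plus '_name'.
    Repeated keys (allow = ...) keep every value; sections may share a name."""
    sections, current = [], None
    for raw in text.splitlines():
        line = strip_comment(raw).strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = {"_name": m.group(1)}
            sections.append(current)
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current.setdefault(key.strip(), []).append(value.strip())
    return sections


def last(section, key):
    """Last value given for key, or None if the key is absent."""
    return section.get(key, [None])[-1]


def cipher_problem(suite):
    """Why an OpenSSL (TLS <= 1.2) cipher name violates the guide's list, or None.
    The guide keeps only ECDHE key exchange (forward secrecy; excludes static RSA
    and DHE) and AEAD suites (GCM / CHACHA20-POLY1305; excludes CBC and 3DES)."""
    if not suite.startswith("ECDHE-"):
        return "lacks forward-secret ECDHE key exchange"
    if "-GCM-" not in suite and "CHACHA20-POLY1305" not in suite:
        return "is not an AEAD suite"
    return None


def audit(text):
    """Return human-readable findings for the given pjsip.conf text."""
    findings, tls_transports = [], {}
    sections = parse_pjsip_conf(text)
    for s in sections:
        if last(s, "type") != "transport" or last(s, "protocol") != "tls":
            continue
        name = s["_name"]
        tls_transports[name] = s
        if last(s, "method") not in ("tlsv1_2", "tlsv1_3"):
            findings.append(f"{name}: method={last(s, 'method') or 'unset'}; guide recommends tlsv1_2 minimum")
        if last(s, "verify_server") != "yes":
            findings.append(f"{name}: verify_server is not yes; outbound peers are not authenticated")
        if not last(s, "ca_list_file"):
            findings.append(f"{name}: ca_list_file unset; certificate verification cannot succeed")
        cipher = last(s, "cipher")
        if not cipher:
            findings.append(f"{name}: cipher unset; OpenSSL default list applies")
        else:
            for suite in cipher.split(":"):
                problem = cipher_problem(suite)
                if problem:
                    findings.append(f"{name}: cipher {suite} {problem}")
    for s in sections:
        if last(s, "type") != "endpoint" or last(s, "transport") not in tls_transports:
            continue
        name = s["_name"]
        if (last(s, "media_encryption") or "no") == "no":  # Asterisk default is no
            findings.append(f"{name}: signaling uses TLS but media_encryption=no leaves RTP in the clear")
        elif last(s, "media_encryption_optimistic") == "yes":
            findings.append(f"{name}: media_encryption_optimistic=yes falls back to unencrypted RTP")
    return findings


# Constructed sample: the guide's recommended transport and trunk, plus a
# deliberately weak transport/endpoint pair to exercise the checks.
SAMPLE_CONF = r"""
[transport-tls]
type = transport
protocol = tls
bind = 0.0.0.0:5061
cert_file = /etc/asterisk/keys/asterisk.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
ca_list_file = /etc/asterisk/keys/ca.crt
method = tlsv1_2
cipher = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305
verify_server = yes
verify_client = no

[my-provider]
type = endpoint
transport = transport-tls
disallow = all
allow = ulaw
allow = alaw
media_encryption = sdes
media_encryption_optimistic = no

[my-provider]
type = aor
contact = sip:sip.provider.example.com:5061\;transport=tls   ; escaped ';' keeps the URI parameter

[transport-tls-weak]   ; constructed: what NOT to deploy
type = transport
protocol = tls
bind = 0.0.0.0:5062
cert_file = /etc/asterisk/keys/asterisk.pem
priv_key_file = /etc/asterisk/keys/privkey.pem
method = tlsv1
cipher = AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256
verify_server = no

[old-trunk]
type = endpoint
transport = transport-tls-weak
media_encryption = no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Against the sample, the recommended transport and trunk produce no findings, while the weak pair is reported for its TLS version, missing server verification, missing CA list, the two non-ECDHE suites, and the unencrypted media. Feed audit() the contents of /etc/asterisk/pjsip.conf to run it for real; the parser ignores template syntax and includes, so a deployment that relies on them needs those expanded first.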
Verification
Reload the PJSIP configuration and verify the TLS transport is active:
asterisk -rx "module reload res_pjsip.so"
asterisk -rx "pjsip show transports"
Verify TLS is working on the expected port:
openssl s_client -connect your-asterisk-server:5061
Check active channels for encryption:
asterisk -rx "pjsip show channels"