[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
cert_file=/etc/asterisk/keys/asterisk.crt
priv_key_file=/etc/asterisk/keys/asterisk.key
method=tlsv1sslv23
Note the protocol, cert_file, priv_key_file, and method options. Here, we're using the TLS protocol, specifying the keys that we generated earlier for cert_file and priv_key_file, and setting the method to TLSv1SSLv23.
Next, you'll need to configure a TLS-capable endpoint. An example of one would resemble:
tlsenable=yes
tlsbindaddr=0.0.0.0
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client
Here, we're enabling TLS support.
We're binding it to our local IPv4 wildcard (the port defaults to 5061 for TLS).
We've set the TLS certificate file to the one we created above.
We've set the Certificate Authority to the one we created above.
TLS Ciphers have been set to ALL, since it's the most permissive. And we've set the TLS client method to TLSv1, since that's the preferred one for RFCs and for most clients.
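An added example, not part of the original page or the Asterisk project: a small Python check that reads the options shown above and reports the permissive ones (a cipher list of ALL, a method of TLSv1 or older), so they can be tightened once the clients in use are known to support newer settings. The sample config is constructed from this page's fragments; the [general] section name, the method=tlsv1 value in the sample and the pjsip `cipher` key are assumptions not taken from the page.

```python
import re

# Constructed sample built from this page's fragments, one option per line.
# Assumptions: the [general] section name and the method=tlsv1 value.
SAMPLE = """\
[transport-tls]
type=transport
protocol=tls
bind=0.0.0.0:5061
method=tlsv1
[general]
tlsenable=yes
tlscipher=ALL
tlsclientmethod=tlsv1 ;none of the others seem to work with Blink as the client
"""

LEGACY_METHODS = {"sslv2", "sslv3", "tlsv1"}  # TLS 1.0 is deprecated by RFC 8996
METHOD_KEYS = {"method", "tlsclientmethod"}
CIPHER_KEYS = {"cipher", "tlscipher"}  # "cipher" is the pjsip transport option

def parse(text):
    """Yield (lineno, section, key, value) for each option in the config text."""
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = line.split("=", 1)
            # Asterisk also accepts "key => value"
            yield lineno, section, key.strip().lower(), value.lstrip(">").strip()

def audit(text):
    """Return (lineno, section, key, reason) for each permissive TLS setting."""
    findings = []
    for lineno, section, key, value in parse(text):
        if key in METHOD_KEYS and value.lower() in LEGACY_METHODS:
            findings.append((lineno, section, key, "legacy protocol version " + value))
        elif key in CIPHER_KEYS and value.upper() == "ALL":
            findings.append((lineno, section, key, "cipher list is unrestricted"))
    return findings

if __name__ == "__main__":
    for lineno, section, key, reason in audit(SAMPLE):
        print(f"line {lineno} [{section}] {key}: {reason}")
```
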
Next, you'll need to configure a SIP peer within Asterisk to use TLS as a transport type. Here's an example: