I am trying to get encryption set up for all the phones.

The whole setup for encryption on the UC520 itself appears to go fine, no errors and all the cert chains appear to be created.

However, it falls just short of registering the phone; a phone which has been fully registered and is functional without encryption.

It gets the locale and IP but then it fails with:

027676: Sep 18 19:08:12.498 EDT: New Skinny socket accepted [2] from 1, sub 1 (26 active)

027677: Sep 18 19:08:12.498 EDT: sin_family 2, sin_port 51395, in_addr x.x.x.x

027678: Sep 18 19:08:12.502 EDT: add_skinny_secure_socket: pid =337, new_sock=0, ip address = x.x.x.x

027679: Sep 18 19:08:12.502 EDT: skinny_secure_handshake: pid =337, sock=0, args->pid=337, ip address = x.x.x.x

027680: Sep 18 19:08:12.502 EDT: Start TLS Handshake 0 x.x.x.x 51395

027681: Sep 18 19:08:12.502 EDT: TLS Handshake retcode OPSSLReadWouldBlockErr

027682: Sep 18 19:08:13.502 EDT: TLS Handshake error -6992

027683: Sep 18 19:08:13.502 EDT: TLS context configuration FAILED for 0 x.x.x.x 51395

This is the basic test phone setup:

ephone  36

device-security-mode encrypted

capf-auth-str xxxx

cert-oper upgrade auth-mode auth-string

mac-address x.x.x

ephone-template 16

username "x" password x

type 7942

button  1:130

I've tried using the MIC as well, but no luck.

Any suggestions or directoins to look in?