Restrict cipher suite selection using OpenSSL s_server
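I want to test my client against a test server, so I am using the OpenSSL s_server command. The goal is to configure the server to select only the one cipher suite that I configure. That way I can test the different cipher suites sent by the client. I cannot change the cipher suite list on the client side.
To start the server I use:
```
openssl s_server -accept 50000 -cert ../server/server_certificate.pem -key ../server/private_key.pem -CAfile ca_certificate.pem -cipher ECDHE-RSA-AES256-GCM-SHA384 -serverpref -state -debug -status_verbose
```
To test whether the server selects the configured cipher suite, I start the client as:
```
openssl s_client -connect 3.135.190.131:50000 -cert ../client/client_certificate1.pem -key ../client/private_key.pem -CAfile ca_certificate.pem
```
But when I connect the client to the server, the server selects TLS_AES_256_GCM_SHA384 instead of the configured ECDHE-RSA-AES256-GCM-SHA384.
Also, I checked the trace, and the client does send ECDHE-RSA-AES256-GCM-SHA384 in its cipher suite list.
Can you suggest what might be wrong with the server-side command?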
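Your server and client want to use TLS 1.3, which has its own strict set of cipher suites that does not include ECDHE-RSA-AES256-GCM-SHA384.
These can be changed with the `-ciphersuites` argument to `s_server`. This set of cipher suites is in addition to the TLS 1.2 ciphers set by `-ciphers`. According to the [man page](https://www.openssl.org/docs/man1.1.1/man1/openssl-s_server.html):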
-cipher val
This allows the list of TLSv1.2 and below ciphersuites used by the server to be modified. This list is combined with any TLSv1.3 ciphersuites that have been configured. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See the ciphers command for more information.
-ciphersuites val
This allows the list of TLSv1.3 ciphersuites used by the server to be modified. This list is combined with any TLSv1.2 and below ciphersuites that have been configured. When the client sends a list of supported ciphers the first client cipher also included in the server list is used. Because the client specifies the preference order, the order of the server cipherlist is irrelevant. See the ciphers command for more information. The format for this list is a simple colon (":") separated list of TLSv1.3 ciphersuite names.
If we try to remove the TLS 1.3 cipher suites entirely and keep only the TLS 1.2 cipher, this is what happens on the server side:
```
$ openssl s_server -accept 50000 -cert node.crt -key node.key -CAfile ca.crt -cipher ECDHE-RSA-AES256-GCM-SHA384 -serverpref -state -debug -status_verbose -ciphersuites ""
Using default temp DH parameters
ACCEPT
write to 0x55c8894b0bd0 [0x55c8894c83f0] (7 bytes => 7 (0x7))
0000 - 15 03 03 00 02 02 28 ......(
SSL3 alert write:fatal:handshake failure
SSL_accept:error in error
ERROR
139842681824576:error:141FC0B5:SSL routines:tls_setup_handshake:no ciphers available:../ssl/statem/statem_lib.c:127:No ciphers enabled for max supported SSL/TLS version
shutting down SSL
CONNECTION CLOSED
```
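There are no valid TLS 1.3 cipher suites enabled on the server, but both the client and the server support TLS 1.3. This causes the connection to fail (there is no TLS downgrade).
Instead, you need to force the maximum version to TLS 1.2 on one of the two sides. We can do this on the server (leaving out `-ciphersuites`, since it is no longer used):
```
$ openssl s_server -accept 50000 -cert node.crt -key node.key -CAfile ca.crt -cipher ECDHE-RSA-AES256-GCM-SHA384 -serverpref -state -debug -status_verbose -no_tls1_3
...
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
```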
This is covered in more detail in the ciphersuites section of
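The two server configurations compared above, as an added example that is not part of the original answer. It assumes the `openssl` CLI is installed and that the local ports it uses are free; the throwaway certificate and the port numbers are constructed for the demonstration, and `-www` is added so the server does not depend on stdin when run in the background.

```sh
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI is
# installed and that local ports 50443-50444 are free (constructed values).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway self-signed RSA certificate, constructed for the test server only.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
  -keyout "$WORK/key.pem" -out "$WORK/cert.pem" >/dev/null 2>&1

# negotiated PORT [extra s_server options]
# Starts s_server restricted to one TLS 1.2 suite, connects once with a
# default s_client, and prints "<protocol> <cipher>" as reported by the client.
negotiated() (
  port=$1; shift
  # -www serves a status page instead of reading stdin, so the server
  # keeps running when started in the background.
  openssl s_server -accept "$port" -cert "$WORK/cert.pem" -key "$WORK/key.pem" \
    -cipher ECDHE-RSA-AES256-GCM-SHA384 -serverpref -www "$@" >/dev/null 2>&1 &
  pid=$!
  sleep 1   # give the server time to bind
  out=$(openssl s_client -connect "127.0.0.1:$port" </dev/null 2>/dev/null) || true
  kill "$pid" 2>/dev/null || true
  wait "$pid" 2>/dev/null || true
  # s_client summarises the handshake as "New, <protocol>, Cipher is <cipher>".
  printf '%s\n' "$out" | sed -n 's/^New, \(.*\), Cipher is \(.*\)$/\1 \2/p' | head -n 1
)

# -cipher alone does not touch the TLS 1.3 suites, so TLS 1.3 still wins.
echo "default:     $(negotiated 50443)"
# Capping the server at TLS 1.2 makes the -cipher restriction decisive.
echo "-no_tls1_3:  $(negotiated 50444 -no_tls1_3)"
```

When testing a client whose cipher list cannot be changed, the second line is the one to compare against the suite passed to `-cipher`.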