Anonymous Cipher not working with OpenSSL1.1.1-D

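I am verifying anonymous cipher support in OpenSSL-1.1.1-D, but it fails with SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl\statem\statem_clnt.c:3798:No ciphers enabled for max supported SSL/TLS version.

Note: TLSv1.3 is explicitly disabled.

Please find the S_Server and S_Client results below.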

OpenSSL S_Server

s_server -no_tls1_3 -cipher ADH-AES128-SHA:ADH-AES128-SHA256:ADH-AES256-SHA256 -state -accept localhost:14000 -nocert -msg

Using default temp DH parameters
ACCEPT
SSL_accept:before SSL initialization
TLS 1.0, Alert [length 0002], fatal unexpected_message
SSL3 alert write:fatal:unexpected_message
SSL_accept:error in error
ERROR
41244:error:140940F4:SSL routines:ssl3_read_bytes:unexpected message:ssl\record\rec_layer_s3.c:1477: shutting down SSL
CONNECTION CLOSED

OpenSSL S_Client

s_client -no_tls1_3 -cipher ADH-AES128-SHA256:ADH-AES256-SHA256 -state -connect localhost:14000 -msg

CONNECTED(00000168)
SSL_connect:before SSL initialization
TLS 1.2, Alert [length 0002], fatal internal_error
SSL3 alert write:fatal:internal error
SSL_connect:error in error
35516:error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available:ssl\statem\statem_clnt.c:3798:No ciphers enabled for max supported SSL/TLS version
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1573710105
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no

Please try adding :@SECLEVEL=0 to the end of the cipher string, e.g.

-cipher "ADH-AES128-SHA:ADH-AES128-SHA256:ADH-AES256-SHA256:@SECLEVEL=0"

Anonymous ciphersuites are disabled at the default security level in OpenSSL 1.1.0+.
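The security-level behaviour described in the answer can be reproduced without sockets. This is an added example, not code from the original post: it runs an in-memory TLS 1.2 handshake with Python's `ssl` module, once with a bare anonymous suite and once with `:@SECLEVEL=0` appended. As an assumption it uses `AECDH-AES128-SHA` (anonymous ECDH) instead of the ADH suites from the question, so that no DH parameter file has to be loaded, and it assumes the linked OpenSSL build includes anonymous suites.

```python
import ssl

SUITE = "AECDH-AES128-SHA"   # assumption: anonymous ECDH stand-in for the ADH suites

def make_ctx(protocol, ciphers):
    ctx = ssl.SSLContext(protocol)
    ctx.check_hostname = False                    # anonymous suites: no certificate to check
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # same effect as -no_tls1_3
    ctx.set_ciphers(ciphers)
    return ctx

def pump(src, dst):
    """Move any pending TLS records from one side's output to the peer's input."""
    data = src.read()
    if data:
        dst.write(data)

def handshake(ciphers):
    """In-memory TLS handshake; returns the negotiated suite or 'failed: <reason>'."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    try:
        client = make_ctx(ssl.PROTOCOL_TLS_CLIENT, ciphers).wrap_bio(c_in, c_out)
        server = make_ctx(ssl.PROTOCOL_TLS_SERVER, ciphers).wrap_bio(
            s_in, s_out, server_side=True)        # no certificate loaded, like -nocert
        pending = [(client, c_out, s_in), (server, s_out, c_in)]
        for _ in range(10):                       # bounded number of flights
            for item in list(pending):
                side, out, peer_in = item
                try:
                    side.do_handshake()
                    pending.remove(item)          # this side has finished
                except ssl.SSLWantReadError:
                    pass                          # needs the peer's next flight
                pump(out, peer_in)
            if not pending:
                return client.cipher()[0]
        return "failed: handshake did not complete"
    except ssl.SSLError as exc:
        # At security level >= 1 the client has no usable suite to offer.
        return "failed: %s" % (exc.reason or exc)

if __name__ == "__main__":
    for spec in (SUITE, SUITE + ":@SECLEVEL=0"):
        print(spec, "->", handshake(spec))
```
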