OpenSSL certificate generation for DHE exchange
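I'm a beginner in security and OpenSSL. My objective is to programmatically generate a certificate that passes the "obsolete" shaming that Chrome does. The certificate that I used to generate uses AES_128_GCM with RSA, even though I tried setting the cipher list to kEECDH:kEDH:!ADH:AES256-SHA256 and having the server context use SSL_CTX_new(TLSv1_2_server_method());.

Based on the example from the documentation, I tried the following:

```c
X509 *x = NULL;
EVP_PKEY *pk = NULL;
EVP_PKEY_CTX *ctx = NULL;
EVP_PKEY *params = NULL;

/* Wrap the built-in 2048-bit DH group (256-bit subgroup) as key parameters */
if(NULL == (params = EVP_PKEY_new()))
    goto err;
if(1 != EVP_PKEY_set1_DH(params, DH_get_2048_256()))
    goto err;

/* Generate a DH key pair from those parameters */
if(!(ctx = EVP_PKEY_CTX_new(params, NULL)))
    goto err;
if(!EVP_PKEY_keygen_init(ctx))
    goto err;
if(!EVP_PKEY_keygen(ctx, &pk))
    goto err;

if ((x=X509_new()) == NULL)
    goto err;
X509_set_version(x,2);
X509_set_pubkey(x,pk);
//... (setting the issuer, subject, etc)
//Here is where it fails
if (!X509_sign(x,pk,EVP_sha256()))
    goto err;
```

The same code with RSA instead of DH works. The error given by X509_sign is EVP_PKEY_sign_init operation not supported for this keytype.

What could I do? I would prefer the connection to use ECDHE but I have no idea how to set that up. I need this to be secure within reasonable limits, but my security knowledge is really limited. I'm working on it, though. Any help would be much appreciated, but please provide code with your answer (not command-line generation).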
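
> My objective is to programmatically generate a certificate that passes the "obsolete" shaming that Chrome does...
> What could I do? I would prefer the connection to use ECDHE but I have no idea how to set that up....
> I tried setting the cipher list to kEECDH:kEDH:!ADH:AES256-SHA256 ...

Typically, HIGH:!aNULL:!RC4:!MD5 is enough. Since you want to use ephemeral key exchanges (that's a good thing), you should also remove RSA key transport: HIGH:!aNULL:!kRSA:!RC4:!MD5.

> Based on the example from the documentation...

Also see SSL/TLS Client on the OpenSSL wiki. It's a client, but it shows you how to set up a context.

Because it's a server, you will probably also want context options like SSL_OP_SAFARI_ECDHE_ECDSA_BUG.

> OpenSSL certificate generation for DHE exchange

Just about any certificate will do. It can have an RSA key, a DSS key or an ECDSA key. The key in the certificate will be used to sign the server's messages (some hand waving), so it is used for server authentication.

Ephemeral key exchanges are different. You ensure them with SSL_CTX_set_cipher_list and the cipher suite string.

Since you are not using cipher suites like SRP and PSK, you can remove them too. RSA still shows up, but it is used for server authentication, not key transport: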

```
$ openssl ciphers -v 'HIGH:!aNULL:!kRSA:!RC4:!MD5:!3DES:!DSS:!DSA:!SRP:!PSK'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(256) Mac=SHA1
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384
ECDH-RSA-AES256-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1
ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256
DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA Enc=Camellia(128) Mac=SHA1
ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256
ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
```
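
The split the answer describes, Kx= for the key exchange and Au= for what the certificate key does, can be checked mechanically against such a listing. The script below is an added example, not part of the original answer; its function names and six-line sample are constructed here, and it assumes the column layout of the listing above. It also makes visible that the listing still contains fixed ECDH suites (Kx=ECDH/RSA, Kx=ECDH/ECDSA), which are not ephemeral.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the column layout of
# `openssl ciphers -v` shown above: name, protocol, Kx=, Au=, Enc=, Mac=.

# Constructed sample: five lines copied from the listing above plus one
# RSA key-transport line of the kind that '!kRSA' removes.
sample_ciphers() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/RSA Au=ECDH Enc=AESGCM(256) Mac=AEAD
ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA1
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
EOF
}

# Print "<kind> <cert-key> <suite>" for every cipher line read from stdin.
classify_suites() {
    awk '
    $3 ~ /^Kx=/ && $4 ~ /^Au=/ {
        kx = substr($3, 4); au = substr($4, 4)
        if (kx == "ECDH" || kx == "DH") kind = "ephemeral"      # ECDHE, DHE
        else if (index(kx, "/") > 0)    kind = "fixed"          # static DH/ECDH key in the certificate
        else if (kx == "RSA")           kind = "rsa-transport"  # premaster secret encrypted to the certificate key
        else                            kind = "other"
        print kind, au, $1
    }'
}

# Names of the suites that do not use an ephemeral key exchange.
non_ephemeral() { classify_suites | awk '$1 != "ephemeral" { print $3 }'; }

# Certificate key types that the ephemeral suites authenticate with.
ephemeral_cert_keys() {
    classify_suites | awk '$1 == "ephemeral" { print $2 }' | sort -u | paste -s -d ' ' -
}

sample_ciphers | classify_suites
```

To audit a real cipher string, pipe the output of `openssl ciphers -v` for that string into `non_ephemeral`; an empty result means every listed suite uses DHE or ECDHE.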