OpenSSL服务器密码选择 [英] OpenSSL server cipher selection

问题描述

在SSL/TLS握手过程中，客户端会发送一份受支持的密码套件列表，服务器会选择用于对话的密码套件. Windows具有加密套件的优先列表(可通过注册表配置)，并将在该列表中选择客户端支持的第一个套件.一旦使用密码套件标志创建了可接受的密码列表，当OpenSSL充当服务器时，OpenSSL将使用哪种算法来选择密码套件?我在OpenSSL文档中找不到答案.

During an SSL/TLS handshake, the client sends up a list of supported cipher suites and the server selects which one to use for the conversation. Windows has a prioritized list of cipher suites (configurable via the registry) and will select the first suite in that list that is supported by the client. Once a list of acceptable ciphers is created using the cipher suite flags, what algorithm does OpenSSL use to select the cipher suite when it's acting as a server? I could not find the answer in the OpenSSL documentation.

推荐答案

看看此联机帮助页.

cipherlist命令将OpenSSL密码列表转换为有序SSL 密码首选项列表.它可以用作测试工具来确定 适当的密码列表.

The cipherlist command converts OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist.

这篇关于OpenSSL服务器密码选择的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！