Key generation requirements for TLS ECDHE-ECDSA-AES128-GCM-SHA256


Problem description

I was wondering if there are minimum key-generation requirements for ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES128-GCM-SHA256? I am trying to get a TLS client and server using one of the above algorithms to connect to each other and keep receiving 'no shared cipher errors'. I created a CA for signing client and server certs, and attempted connecting with just openssl and also in node.js. I am running the client and server on localhost (127.0.0.1) to eliminate any other possible problems.

Here is what I have done so far:

CA key pair creation:

  $ openssl genrsa -out ca-key.pem 4096
  $ openssl req -new -x509 -days 365 -key ca-key.pem -out ca-cert.pem

Server / client key pair creation:

  $ openssl genrsa -out server-key.pem 4096
  $ openssl req -new -key server-key.pem -out server-csr.pem
  $ openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem 

  $ openssl genrsa -out client-key.pem 4096
  $ openssl req -new -key client-key.pem -out client-csr.pem
  $ openssl x509 -req -days 365 -in client-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem

I was originally attempting to connect to a node.js server from the command line (tls.createServer() with options: ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256'), but to eliminate node suspicion I fell back to openssl for both client and server creation.

The following commands CORRECTLY connect for client and server and states it is using a cipher of "New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384":

$ openssl s_server -accept 8888 -cert server-cert.pem -key server-key.pem -pass stdin -CAfile ca-cert.pem  -state
<password entered here>

$ openssl s_client -connect 127.0.0.1:8888 -cert client-cert.pem -key client-key.pem -pass stdin -CAfile ca-cert.pem -state
<password entered here>

The shared cipher information is as follows:

Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-R
SA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2
56-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384
:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-A
ES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECD
H-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH
-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384
:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES
-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA
:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA2
56:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS
-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256

The following commands do NOT work when I specify a cipher on the server, or the client and server. Note that the ECDHE-ECDSA-AES128-GCM-SHA256 cipher is listed as shared in the above list.

$ openssl s_server -accept 8888 -cert server-cert.pem -key server-key.pem -pass stdin -CAfile ca-cert.pem -cipher ECDHE-ECDSA-AES128-GCM-SHA256
<password entered here>

<< Server output after client connection attempt >>
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
2674688:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1353:
shutting down SSL
CONNECTION CLOSED
ACCEPT


$ openssl s_client -connect 127.0.0.1:8888 -cert client-cert.pem -key client-key.pem -pass stdin -CAfile ca-cert.pem -cipher ECDHE-ECDSA-AES128-GCM-SHA256
<password entered here>

<<client output after connection attempt>>
CONNECTED(00000003)
2674688:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:708:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 166 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Does anyone have any ideas? Thanks in advance!

Recommended answer

You are using the wrong kind of key:

 openssl genrsa -out ca-key.pem 4096 

You need to use ecparam:

openssl ecparam -name secp521r1 -out ca-key.pem -genkey

openssl ecparam -name secp521r1 -out client-key.pem -genkey

genrsa generates an RSA key that, when used with ECDHE, authenticates the Elliptic Curve Diffie Hellman key Exchange (ECDHE).

The ECDSA in ECDHE-ECDSA-AES128-GCM-SHA256 means you need the Elliptic Curve Digital Signature Algorithm to authenticate that key. Because you don't have those kinds of keys, the command fails. However, ECDHE-RSA-AES256-GCM-SHA384 works because it uses RSA keys which you have.

You are getting sha384 because openssl picks the strongest cipher suite and all things being equal sha384 is better than sha256. You can override this, and it looks like you did so with --cipher.

Note you may want to use a different curve. You can get the full list with

openssl ecparam -list_curves

Out of curiosity, why that specific cipher suite? ECDHE and ECDSA are state of the art, but sha256 is just standard, and well AES 128 is certainly good enough, people tend to use 256 if they are being as cautious as the ECDHE and ECDSA stuff implies.
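
The mismatch described in the answer, as an added example that is not part of the original post: it generates an EC chain with ecparam and an RSA certificate with genrsa, then compares each certificate's key type with the Au= column that `openssl ciphers -v` reports for a suite. The prime256v1 curve, the file names, the subject names and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: curve, file names and subject names are constructed.
set -e
WORK=$(mktemp -d)

# EC CA plus a CA-signed EC server certificate (ecparam, as in the answer).
make_ec_chain() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca-key.pem"
  openssl req -new -x509 -days 365 -key "$WORK/ca-key.pem" \
    -subj "/CN=Example Test CA" -out "$WORK/ca-cert.pem"
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/server-key.pem"
  openssl req -new -key "$WORK/server-key.pem" -subj "/CN=localhost" \
    -out "$WORK/server-csr.pem"
  openssl x509 -req -days 365 -in "$WORK/server-csr.pem" -CA "$WORK/ca-cert.pem" \
    -CAkey "$WORK/ca-key.pem" -set_serial 01 -out "$WORK/server-cert.pem" 2>/dev/null
}

# Self-signed RSA certificate for comparison (genrsa as in the question; 2048 bits to keep it fast).
make_rsa_cert() {
  openssl genrsa -out "$WORK/rsa-key.pem" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -key "$WORK/rsa-key.pem" \
    -subj "/CN=localhost" -out "$WORK/rsa-cert.pem"
}

# Authentication algorithm that a certificate's public key can provide.
cert_key_type() {
  case "$(openssl x509 -in "$1" -noout -text | grep 'Public Key Algorithm')" in
    *id-ecPublicKey*) echo ECDSA ;;
    *rsaEncryption*)  echo RSA ;;
    *)                echo unknown ;;
  esac
}

# Authentication algorithm a suite requires, read from the Au= column of `openssl ciphers -v`.
suite_auth() {
  openssl ciphers -v "$1" | awk -v s="$1" '$1 == s { sub(/^Au=/, "", $4); print $4 }'
}

# Succeeds only when the certificate's key type matches the suite's Au= value.
suite_fits_cert() { [ "$(suite_auth "$1")" = "$(cert_key_type "$2")" ]; }

make_ec_chain; make_rsa_cert
for cert in server-cert.pem rsa-cert.pem; do
  for suite in ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384; do
    if suite_fits_cert "$suite" "$WORK/$cert"; then r=usable; else r=mismatch; fi
    echo "$cert + $suite: $r"
  done
done
```

A "mismatch" row is the combination that produced the "no shared cipher" error in the question: the server holds no certificate whose key can authenticate the only suite it was told to offer.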
