TLS ECDHE-ECDSA-AES128-GCM-SHA256的密钥生成要求 [英] Key generation requirements for TLS ECDHE-ECDSA-AES128-GCM-SHA256
问题描述
我想知道是否有ECDHE-ECDSA-AES128-GCM-SHA256和ECDHE-ECDSA-AES128-GCM-SHA256的最低密钥生成要求?我试图让一个TLS客户端和服务器使用上述算法之一连接到彼此,并继续接收没有共享密码错误。我创建了一个CA来签署客户端和服务器证书,并尝试使用openssl和node.js进行连接。我在localhost(127.0.0.1)上运行cliengt和服务器以消除任何其他可能的问题。
I was wondering if there are minimum key-generation requirements for ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES128-GCM-SHA256? I am trying to get a TLS client and server using one of the above algorithms to connect to each other and keep receiving 'no shared cipher errors'. I created a CA for signing client and server certs, and attempted connecting with just openssl and also in node.js. I am running the cliengt and server on localhost (127.0.0.1) to eliminate any other possible problems.
这是我到目前为止做的:
Here is what I have done so far:
CA密钥对创建:
$ openssl genrsa -out ca-key.pem 4096
$ openssl req -new -x509 -days 365 -key ca-key.pem -out ca-cert.pem
创建服务器/客户端密钥对:
Server / client key pair creation:
$ openssl genrsa -out server-key.pem 4096
$ openssl req -new -key server-key.pem -out server-csr.pem
$ openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
$ openssl genrsa -out client-key.pem 4096
$ openssl req -new -key client-key.pem -out client-csr.pem
$ openssl x509 -req -days 365 -in client-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -set_serial 02 -out client-cert.pem
我最初尝试从命令行连接到node.js服务器(tls.createServer )与选项:密码:'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256'),但为了消除节点怀疑,我回到客户端和服务器创建openssl。
I was originally attempting to connect to a node.js server from the command line (tls.createServer() with options: ciphers: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256'), but to eliminate node suspicion I fell back to openssl for both client and server creation.
以下命令CORRECTLY为客户端和服务器连接,并说明它使用的密码为New,TLSv1 / SSLv3,Cipher is ECDHE-RSA-AES256-GCM-SHA384:
The following commands CORRECTLY connect for client and server and states it is using a cipher of "New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384":
$ openssl s_server -accept 8888 -cert server-cert.pem -key server-key.pem -pass stdin -CAfile ca-cert.pem -state
<password entered here>
$ openssl s_client -connect 127.0.0.1:8888 -cert client-cert.pem -key client-key.pem -pass stdin -CAfile ca-cert.pem -state
<password entered here>
共享密码信息如下:
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-R
SA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES2
56-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384
:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-A
ES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECD
H-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH
-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384
:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES
-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA
:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA2
56:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS
-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256
当我在服务器上指定密码时,以下命令不起作用,或客户端和服务器。请注意,ECDHE-ECDSA-AES128-GCM-SHA256密码在上面的列表中列为共享。
The following commands do NOT work when I specify a cipher on the server, or the client and server. Note that the ECDHE-ECDSA-AES128-GCM-SHA256 cipher is listed as shared in the above list.
$ openssl s_server -accept 8888 -cert server-cert.pem -key server-key.pem -pass stdin -CAfile ca-cert.pem -cipher ECDHE-ECDSA-AES128-GCM-SHA256
<password entered here>
<< Server output after client connection attempt >>
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
ERROR
2674688:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1353:
shutting down SSL
CONNECTION CLOSED
ACCEPT
$ openssl s_client -connect 127.0.0.1:8888 -cert client-cert.pem -key client-key.pem -pass stdin -CAfile ca-cert.pem -cipher ECDHE-ECDSA-AES128-GCM-SHA256
<password entered here>
<<client output after connection attempt>>
CONNECTED(00000003)
2674688:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:708:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 166 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
有没有任何想法?提前感谢!
Does anyone have any ideas? Thanks in advance!
推荐答案
您正在使用错误的键
openssl genrsa -out ca-key.pem 4096
您需要使用 ecparam
openssl ecparam -name secp521r1 -out ca-key.pem -genkey
和
openssl ecparam -name secp521r1 -out client-key.pem -genkey
genrsa 生成RSA密钥,当与ECDHE一起使用时,验证椭圆曲线Diffie Hellman密钥交换(ECDHE)。
genrsa generates an RSA key that, when used with ECDHE, authenticates the Elliptic Curve Diffie Hellman key Exchange (ECDHE).
ECDSA-ECDSA-AES128-GCM-SHA256中的ECDSA意味着您需要椭圆曲线数字签名算法来验证该密钥。因为你没有那种键,命令失败。然而,ECDHE-RSA-AES256-GCM-SHA384工作,因为它使用您拥有的RSA密钥。
The ECDSA in ECDHE-ECDSA-AES128-GCM-SHA256 means you need the Elliptic Curve Digital Signature Algorithm to authenticate that key. Because you don't have those kind of keys, the command fails. However, ECDHE-RSA-AES256-GCM-SHA384 works because it uses RSA keys which you have.
您正在得到sha384,因为openssl选择最强的密码套件和所有东西等于sha384比sha256好。你可以覆盖这个,它看起来像你这样用 - 密码。
You are getting sha384 because openssl picks the strongest cipher suite and all things being equal sha384 is better than sha256. You can override this, and it looks like you did so with --cipher.
注意你可能想使用不同的曲线。您可以使用
Note you may want to use a different curve. You can get the full list with
openssl ecparam -list_curves
出于好奇,为什么特定的密码套件? ECDHE和ECDSA是最先进的,但sha256只是标准,而且AES 128肯定够好,如果ECDHE和ECDSA的东西暗示,人们倾向于使用256,如果他们是谨慎的话。
Out of curiosity, why that specific cipher suite? ECDHE and ECDSA are state of the art, but sha256 is just standard, and well AES 128 is certainly good enough, people tend to use 256 if they are being as cautious as the ECDHE and ECDSA stuff implies.
这篇关于TLS ECDHE-ECDSA-AES128-GCM-SHA256的密钥生成要求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
