How to pass EC named curve list used by SSL_CTX?


Problem description

I need to pass the selected EC named curve list to server. What is the OpenSSL API to achieve the same while generating the SSL_CTX?

Solution

> I need to pass the selected EC named curve list to server. What is the OpenSSL API to achieve the same while generating the SSL_CTX?

It's not possible in OpenSSL 1.0.1 and below. You have to hack the source code.

For OpenSSL 1.0.2 and above, use SSL_CTX_set1_curves.


If you are hacking the source code for OpenSSL 1.0.0 and 1.0.1, then modify pref_list from t1_lib.c:

    static int my_pref_list[] =
    {
        NID_sect571r1,        /* sect571r1 (14) */
        NID_sect571k1,        /* sect571k1 (13) */
        NID_secp521r1,        /* secp521r1 (25) */
        NID_sect409k1,        /* sect409k1 (11) */
        NID_sect409r1,        /* sect409r1 (12) */
        NID_secp384r1,        /* secp384r1 (24) */
        NID_sect283k1,        /* sect283k1 (9) */
        NID_sect283r1,        /* sect283r1 (10) */
        NID_secp256k1,        /* secp256k1 (22) */
        NID_X9_62_prime256v1, /* secp256r1 (23) */
        NID_sect239k1,        /* sect239k1 (8) */
        NID_sect233k1,        /* sect233k1 (6) */
        NID_sect233r1,        /* sect233r1 (7) */
        NID_secp224k1,        /* secp224k1 (20) */
        NID_secp224r1,        /* secp224r1 (21) */
    };

Also see OpenSSL RT Issue 3179, Feature Request: Set Preference List for EC Curves in Client.
