Check if a connection is TLSv1 vs SSLv3 (SSL_CIPHER_description/SSL_CIPHER_get_name)


Problem description

I have a server application that uses OpenSSL. I'm trying to understand what type of SSL connections are hitting my system (i.e. SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2). In particular, I'm working towards disabling SSLv3 (re: POODLE). Before I can do that, I want to see who/what is connecting on SSLv3.

I'm currently using the SSL_CIPHER_description and SSL_CIPHER_get_name functions, which provide really good information on the ciphers negotiated for each connection.

I'm having some challenges trying to differentiate SSLv3 vs TLSv1 connections. Per https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html:

"The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1." 

I've confirmed that TLSv1 connections get noted as SSLv3. Ex: SSL_CIPHER_description returns the following on a connection that is definitely TLSv1.0:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

Does anyone have any ideas on how to detect if a connection is SSLv3 versus TLSv1 in OpenSSL?

Solution

You can use the method SSL_get_version(SSL *ssl) after the connection is successfully negotiated.
