检查连接是

检查连接是

关注
发信
关注(28)粉丝(399)

检查连接是 TLSv1 还是 SSLv3 (SSL_CIPHER_description/SSL_CIPHER_get_name)

本文介绍了检查连接是 TLSv1 还是 SSLv3 (SSL_CIPHER_description/SSL_CIPHER_get_name)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个使用 OpenSSL 的服务器应用程序.我试图了解什么类型的 SSL 连接正在访问我的系统(即 SSLv2、SSLv3、TLSv1、TLSv1.1、TLSv1.2).特别是,我正在努力禁用 SSLv3(re:POODLE).在我这样做之前,我想看看谁/什么在 SSLv3 上连接

I have a server application that uses OpenSSL. I'm trying to understand what type of SSL connections are hitting my system (i.e. SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2). In particular, I'm working towards disabling SSLv3 (re: POODLE). Before I can do that, I want to see who/what is connecting on SSLv3

我目前正在使用 SSL_CIPHER_description 和 SSL_CIPHER_get_name 函数,它们提供了关于为每个连接协商的密码的非常好的信息

I'm currently using the SSL_CIPHER_description and SSL_CIPHER_get_name functions, which provide really good information on the ciphers negotiated for each connection

我在尝试区分 SSLv3 与 TLSv1 连接时遇到了一些挑战.每https://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html:

I'm having some challenges trying to differentiate SSLv3 vs TLSv1 connections. Perhttps://www.openssl.org/docs/ssl/SSL_CIPHER_get_name.html: 

"The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1."

我已经确认 TLSv1 连接被标记为 SSLv3例如:SSL_CIPHER_description 在绝对是 TLSv1.0 的连接上返回以下内容:AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

I've confirmed that TLSv1 connections get noted as SSLv3Ex: SSL_CIPHER_description returns the following on a connection that is definitely TLSv1.0:AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

有没有人知道如何在 OpenSSL 中检测连接是 SSLv3 还是 TLSv1?

Does anyone have any ideas on how to detect if a connection is SSLv3 versus TLSv1 in OpenSSL?

推荐答案

您可以使用方法 SSL_get_version(SSL *ssl) 连接成功后.

You can use the method SSL_get_version(SSL *ssl) after the connection is successfully negotiated.

这篇关于检查连接是 TLSv1 还是 SSLv3 (SSL_CIPHER_description/SSL_CIPHER_get_name)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 12:54
Powered by LMLPHP ©2024 检查连接是 0.042358