OpenSSL s_server DTLSv1.2 does not work with an RSA-PSS certificate

Question

I am having some problems using DTLS with an RSA-PSS certificate.

My end-entity certificate has an rsa-pss key and is signed with the rsa-pss signature algorithm. The end entity is enrolled under my root certificate CA_ROOT_PKCS1_5.crt. Excerpt from the certificate:

    ....
    Subject Public Key Info:
        Public Key Algorithm: rsassaPss
            RSA-PSS Public-Key: (2048 bit)
    ...
    Signature Algorithm: rsassaPss
        Hash Algorithm: sha512
        Mask Algorithm: mgf1 with sha512
        Salt Length: 0x01BE
        Trailer Field: 0xBC (default)
    ...

For testing purposes I use the same key pair on both the client and the server side.

I establish a TLSv1.2 connection between the client and the server (TLS mutual authentication):

openssl s_server -cert ee_underRoot_pss_sign_pss.crt -key ee_pss_RSA.key -CAfile CA_ROOT_PKCS1_5.crt -tls1_2 -accept 127.0.0.1:30000 -security_debug_verbose  

openssl s_client -showcerts -tls1_2 -cert ee_underRoot_pss_sign_pss.crt -key ee_pss_RSA.key -CAfile CA_ROOT_PKCS1_5.crt -connect 127.0.0.1:30000 -security_debug_verbose

Everything works fine!

I now try the same thing, but with DTLSv1.2:

openssl s_server -cert ee_underRoot_pss_sign_pss.crt -key ee_pss_RSA.key -CAfile CA_ROOT_PKCS1_5.crt -dtls1_2 -accept 127.0.0.1:30000 -security_debug_verbose   

openssl s_client -showcerts -dtls1_2 -cert ee_underRoot_pss_sign_pss.crt -key ee_pss_RSA.key -CAfile CA_ROOT_PKCS1_5.crt -connect 127.0.0.1:30000 -security_debug_verbose

But the handshake fails with the following error: "no shared cipher"


When I look at the cipher suites supported by the client, it is the same list as when I use TLS.

Here is the trace on the server side:

verify depth is 10, must return a certificate
Using default temp DH parameters
Security callback: Certificate chain EE key=RSA-PSS, bits=2048, security bits=112: yes
Security callback: Certificate chain CA digest=RSASSA-PSS, security bits=256: yes
ACCEPT
Security callback: Version=???: yes
Security callback: Version=???: yes
Security callback: Version=???: yes
Security callback: : yes
Security callback: Shared Signature Algorithm digest=SHA256, algorithm=ECDSA, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algorithm=ECDSA, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algorithm=ECDSA, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algid=9, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algid=10, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algid=11, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algid=4, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algid=5, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algid=6, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algorithm=RSA, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algorithm=RSA, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algorithm=RSA, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=ECDSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA1, algorithm=ECDSA, security bits=80: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=RSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA1, algorithm=RSA, security bits=80: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA1, algorithm=DSA, security bits=80: yes
Security callback: Shared Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algorithm=ECDSA, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algorithm=ECDSA, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algorithm=ECDSA, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algid=9, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algid=10, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algid=11, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algid=4, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algid=5, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algid=6, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA256, algorithm=RSA, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algorithm=RSA, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algorithm=RSA, security bits=256: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=ECDSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA1, algorithm=ECDSA, security bits=80: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=RSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA1, algorithm=RSA, security bits=80: yes
Security callback: Shared Signature Algorithm digest=SHA224, algorithm=DSA, security bits=112: yes
Security callback: Shared Signature Algorithm digest=SHA1, algorithm=DSA, security bits=80: yes
Security callback: Shared Signature Algorithm digest=SHA256, algorithm=DSA, security bits=128: yes
Security callback: Shared Signature Algorithm digest=SHA384, algorithm=DSA, security bits=192: yes
Security callback: Shared Signature Algorithm digest=SHA512, algorithm=DSA, security bits=256: yes
ERROR
540409864:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher:ssl/statem/statem_srvr.c:2263:
shutting down SSL
CONNECTION CLOSED

(If instead I use a certificate whose public key is "rsaEncryption" rather than "rsassaPss", DTLS works.)

I don't understand why it works with TLS 1.2 but not with DTLS 1.2. Can you help me?

(I have the problem with both openssl 1.1.1 and openssl 3.0.)

Tags: openssl, rsa, tls1.2, dtls
1 Answer (0 votes)

I can't prove a negative (and although this is about code, I'm not sure it's really on-topic), but I suspect it is because nothing says it should work.

Neither 5246 nor 6347 says anything about PSS (although 4055 implemented it, and OAEP, in PKIX certs as early as 2005, which are somewhat relevant to TLS and DTLS). 8446 requires PSS for protocol signatures (if RSA) and prefers it for certs (sigalgs and sigalgs-cert) in 4.2.3, and states

   -  Implementations that advertise support for RSASSA-PSS (which is
      mandatory in TLS 1.3) MUST be prepared to accept a signature using
      that scheme even when TLS 1.2 is negotiated.  In TLS 1.2,
      RSASSA-PSS is used with RSA cipher suites.

which is also reiterated in 1.3. There is no similar statement about using PSS in DTLS 1.2, and the only reference to 6347 is about using cookies to offload HRR state.

In any case, that is what the code implements: a PSS cert and key can only be selected in TLS version 1.2, with 1.2 suites using aRSA, and not in (any) DTLS.

Note that the DTLS 1.3 implementation (which must use PSS, and might offer it for 1.2 as a "bonus") has only recently started, since it probably requires API changes, and 3.2 is already in beta, so it will probably have to wait for at least 3.3.
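The question turns on a distinction that is easy to miss when reading `openssl x509 -text` output: whether the certificate's public key itself is typed `rsassaPss` (the case that fails under DTLS 1.2), or the key is plain `rsaEncryption` and only the signature uses PSS (the case the asker reports as working). The following is an added example, not code from the question, the answer or OpenSSL: it walks a DER certificate directly to report the SubjectPublicKeyInfo algorithm and the outer signature algorithm, and maps the result to the behaviour described in this thread. The sample certificates it builds are constructed structural skeletons (empty names, dummy key bits and signature) that only exercise the parser; they are not valid X.509 certificates, and the OID table is limited to the PKCS#1 algorithms discussed here.

```python
"""Classify an X.509 certificate by its public-key algorithm and signature
algorithm by walking the DER structure. Added example; not OpenSSL code."""
from typing import Dict, List, Tuple

# Standard PKCS#1 OIDs (RFC 8017 / RFC 4055) for the algorithms in question.
OID_RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
OID_RSASSA_PSS = "1.2.840.113549.1.1.10"
OID_NAMES = {
    OID_RSA_ENCRYPTION: "rsaEncryption",
    OID_RSASSA_PSS: "rsassaPss",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
}


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one DER TLV at buf[pos]; returns (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(content: bytes) -> List[Tuple[int, bytes]]:
    """Split a constructed element's content into its (tag, content) items."""
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = _read_tlv(content, pos)
        out.append((tag, body))
    return out


def _decode_oid(body: bytes) -> str:
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of a base-128 arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _algorithm_oid(alg_id_content: bytes) -> str:
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY }"""
    tag, body = _children(alg_id_content)[0]
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(body)


def classify_cert(cert_der: bytes) -> Dict[str, object]:
    """Report the SPKI key algorithm and the outer signature algorithm."""
    _, cert_content, _ = _read_tlv(cert_der, 0)
    tbs, sig_alg, _signature = _children(cert_content)
    fields = _children(tbs[1])
    # tbsCertificate: the explicit [0] version is OPTIONAL, so its presence
    # shifts subjectPublicKeyInfo from index 5 to index 6.
    spki_index = 6 if fields[0][0] == 0xA0 else 5
    spki_alg = _children(fields[spki_index][1])[0][1]
    key_oid = _algorithm_oid(spki_alg)
    sig_oid = _algorithm_oid(sig_alg[1])
    return {
        "key_algorithm": OID_NAMES.get(key_oid, key_oid),
        "signature_algorithm": OID_NAMES.get(sig_oid, sig_oid),
        "pss_key": key_oid == OID_RSASSA_PSS,
        "pss_signature": sig_oid == OID_RSASSA_PSS,
    }


def dtls12_expectation(info: Dict[str, object]) -> str:
    """Map the classification to the behaviour reported in the thread above."""
    if info["pss_key"]:
        return ("rsassaPss-typed key: per the answer, OpenSSL selects it only "
                "for TLS 1.2 aRSA suites, so expect 'no shared cipher' on DTLS 1.2")
    return "rsaEncryption-typed key: the asker reports this works on DTLS 1.2"


# --- constructed sample certificates (structure only, not valid X.509) ---

def _der(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(reversed(chunk))
    return _der(0x06, bytes(body))


def build_sample_cert(key_oid: str, sig_oid: str) -> bytes:
    """Constructed skeleton: empty names, dummy key bits, dummy signature."""
    def alg(oid: str) -> bytes:
        return _der(0x30, _oid(oid) + _der(0x05, b""))
    empty_name = _der(0x30, b"")
    validity = _der(0x30, _der(0x17, b"240101000000Z") * 2)
    spki = _der(0x30, alg(key_oid) + _der(0x03, b"\x00" * 17))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + alg(sig_oid) + empty_name + validity + empty_name + spki)
    return _der(0x30, tbs + alg(sig_oid) + _der(0x03, b"\x00" * 17))


if __name__ == "__main__":
    for key, sig in ((OID_RSASSA_PSS, OID_RSASSA_PSS),
                     (OID_RSA_ENCRYPTION, OID_RSASSA_PSS)):
        info = classify_cert(build_sample_cert(key, sig))
        print(info, "->", dtls12_expectation(info))
```

To apply it to a real certificate, read the DER bytes (`openssl x509 -in ee.crt -outform DER`) and pass them to `classify_cert`; a `pss_key` of `True` corresponds to the "Public Key Algorithm: rsassaPss" line in the asker's excerpt, while a PSS-signed certificate carrying an `rsaEncryption` key is the variant the asker found to work.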
