概述
在Lighttpd.conf中配置如下:
ssl.engine="enable"
ssl.pemfile="certandkey.pem"
#证书文件
ssl.ca-file="CA_cert.pem"
#证书文件
ssl.verifyclient.activate="enable"
ssl.cipher-list = "TLSv1.2"
#配置为1.2
配置完后要重启Lighttpd服务
/etc/init.d/lighttpd restart
此时通过TLS1.01.1发送请求就会失败
如下:
1、TLS1.0请求
Note: Unnecessary use of -X or --request, GET is already inferred.
% Total
% Received % Xferd
Average Speed
Time
Time
Time
Current
Dload
Upload
Total
Spent
Left
Speed
0
0
0
0
0
0
0
0 --:--:-- --:--:-- --:--:--
0* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.0 (OUT), TLS handshake, Client hello (1):
} [166 bytes data]
* TLSv1.0 (IN), TLS header, Unknown (21):
{ [5 bytes data]
* TLSv1.0 (IN), TLS alert, Server hello (2):
{ [2 bytes data]
* error:14077410:lib(20):func(119):reason(1040)
0
0
0
0
0
0
0
0 --:--:-- --:--:-- --:--:--
0
curl: (35) error:14077410:lib(20):func(119):reason(1040)
2、TLS1.1请求
Note: Unnecessary use of -X or --request, GET is already inferred.
% Total
% Received % Xferd
Average Speed
Time
Time
Time
Current
Dload
Upload
Total
Spent
Left
Speed
0
0
0
0
0
0
0
0 --:--:-- --:--:-- --:--:--
0* TLSv1.1 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.1 (OUT), TLS handshake, Client hello (1):
} [166 bytes data]
* TLSv1.1 (IN), TLS header, Unknown (21):
{ [5 bytes data]
* TLSv1.1 (IN), TLS alert, Server hello (2):
{ [2 bytes data]
* error:14077410:lib(20):func(119):reason(1040)
0
0
0
0
0
0
0
0 --:--:-- --:--:-- --:--:--
0
curl: (35) error:14077410:lib(20):func(119):reason(1040)
可以看到上面的都失败了,返回error,握手失败,下面看1.2
3、TLS1.2请求
Note: Unnecessary use of -X or --request, GET is already inferred.
% Total
% Received % Xferd
Average Speed
Time
Time
Time
Current
Dload
Upload
Total
Spent
Left
Speed
0
0
0
0
0
0
0
0 --:--:-- --:--:-- --:--:--
0* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [94 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [1371 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [66 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [1370 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
} [264 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
0
0
0
0
0
0
0
0 --:--:-- --:--:-- --:--:--
0* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
> GET /api/v1/wireless/aps HTTP/1.1
> Host: 192.168.200.254:8190
> User-Agent: curl/7.57.0
> Accept: */*
> Content-type:application/json
>
0
0
0
0
0
0
0
0 --:--:--
0:00:02 --:--:--
0{ [5 bytes data]
< HTTP/1.1 200 OK
< Content-type: application/json
< Content-Length: 466
< Date: Wed, 15 May 2019 03:32:00 GMT
< Server: lighttpd/1.4.45
可以看到握手成功的信息,并没有error。
最后
以上就是精明夏天为你收集整理的OpenSSL-在Lighttpd中禁用TLS1.0和1.1,仅开启1.2的方法的全部内容,希望文章能够帮你解决OpenSSL-在Lighttpd中禁用TLS1.0和1.1,仅开启1.2的方法所遇到的程序开发问题。
如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。
本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
发表评论 取消回复