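【Posted】: 2021-07-28 22:44:12
【Question】:
I am trying to trigger the TLS alert unrecognized_name with OpenSSL for TLS 1.3, but it does not appear. With TLS 1.2 it works. Does anyone understand why? Here are the example commands: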
openssl s_server -accept 9443 -key signed-pem.key -cert signed-pem.cert -tls1_2 -key2 anydesk.com.key -cert2 anydesk.com.cert -servername anydesk.com -cipher ALL:COMPLEMENTOFALL
Setting secondary ctx parameters
Using default temp DH parameters
ACCEPT
openssl s_client -connect 10.10.10.55:9443 -CAfile signed-pem.cert -tls1_2 -cipher DHE-RSA-AES128-SHA -state -servername desk.com
CONNECTED(00000005)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL3 alert read:warning:unrecognized name
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
For TLS 1.3:
openssl s_server -accept 9443 -key signed-pem.key -cert signed-pem.cert -tls1_3 -key2 anydesk.com.key -cert2 anydesk.com.cert -servername anydesk.com -cipher ALL:COMPLEMENTOFALL
Setting secondary ctx parameters
Using default temp DH parameters
ACCEPT
openssl s_client -connect 10.10.10.55:9443 -CAfile signed-pem.cert -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -state -servername desk.com
CONNECTED(00000005)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS write client hello
SSL_connect:SSLv3/TLS read server hello
SSL_connect:TLSv1.3 read encrypted extensions
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:TLSv1.3 read server certificate verify
SSL_connect:SSLv3/TLS read finished
SSL_connect:SSLv3/TLS write change cipher spec
SSL_connect:SSLv3/TLS write finished
【Discussion】: