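How to resolve "no shared cipher" for an Indy TLS server using an ECDH key
Hopefully someone can help me with this problem. I have a simple TIdHTTPServer with OpenSSL support, used to decode TLS traffic from clients using an ECDH-based key.
The server key was created with the following command: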
openssl ecparam -name secp256k1 -genkey -noout -out key.pem
Server debug log:
23:33:14.878 SSL status: "before/accept initialization"
23:33:14.886 SSL status: "SSLv3 read client hello C"
23:33:14.886 SSL status: "error"
23:33:14.887 Connection from: 192.168.12.1:23727 Closed
23:33:14.887 EXCEPTION: Error accepting connection with SSL.
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
From this question, it looks like I need to call SSL_CTX_set_ecdh_auto(ctx,1).
SSL server initialization:
ServerIOHandler = new TIdServerIOHandlerSSLOpenSSL();
ServerIOHandler->SSLOptions->CertFile = CertPath;
ServerIOHandler->SSLOptions->KeyFile = KeyPath;
ServerIOHandler->SSLOptions->RootCertFile = RootCertPath;
ServerIOHandler->SSLOptions->Method = sslvTLSv1_2;
ServerIOHandler->SSLOptions->Mode = sslmServer;
//ServerIOHandler->SSLOptions->CipherList = "";
ServerIOHandler->SSLOptions->VerifyDepth = 1;
ServerIOHandler->OnGetPassword = OnGetServerPassword;
ServerIOHandler->OnStatusInfo = SSL_Status;
TLSServer->Bindings->Add();
TLSServer->Bindings->Items[0]->IP = TLSServerInfo.AdapterIP;
TLSServer->Bindings->Items[0]->Port = TLSServerInfo.LocalPort;
TLSServer->DefaultPort = TLSServerInfo.LocalPort;
TLSServer->IOHandler = ServerIOHandler;
try {
PanelServer->Active = true;
}
catch (Exception &Ex) {
Msg = String(L"SSL Server Bound Exception: ") + Ex.Message;
}
I have added SSL_CTX_set_ecdh_auto() to my IdSSLOpenSSLHeaders.pas file by following these instructions, but if I try to add an entry to call SSL_CTX_set_ecdh_auto() from my code, I get a "Call to undefined function 'SSL_CTX_set_ecdh_auto'" error.
I am running Indy 10.6.2.