我們正在進行一些測試,包括使用Indy 9(我們爲某些項目鎖定)和Indy 10.Delphi Indy 9和10:TraceSSL:TLS的日誌是什麼樣的?
我們需要驗證是否正在進行TLS連接。
使用TraceSSL標誌,我們正在查看日誌。
我們如何判斷(某些情況下)連接是否爲TLS 1.0?
這似乎對我們來說,是唯一的SSL V3(但爲什麼沒有提到TLS的最後一行):
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Cipher: name = RC4-SHA; description = RC4-SHA SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=SHA1; bits = 128; version = TLSv1/SSLv3;
這一次,我們認爲是TLS 1.0,但日誌是什麼但明確的(它爲什麼說SSLv3的最後一行):
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client key exchange A"
SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Cipher: name = DHE-RSA-AES256-SHA; description = DHE-RSA-AES256-SHA
SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1; bits = 256; version = TLSv1/SSLv3;
以下日誌Indy10,基於密碼,我們相信它是TLS,但日誌說的SSLv3遍:
SSL Version: sslvTLSv1_2
Resolving hostname #####.
Connecting to ############.
SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client key exchange A"
SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Cipher: name = AES128-SHA256;
description = AES128-SHA256
TLSv1.2 Kx=RSA
Au=RSA Enc=AES(128)
Mac=SHA256
; bits = 128; version = TLSv1/SSLv3;
最後,如果以上都不是TLS,那麼我們需要知道,關於SSLOptions和其他標誌,才能使其達到TLS?
謝謝!
謝謝! sslvTLSv1總是強制TLS,對吧?那安全嗎?那麼記錄會清楚地表明它是TLS而不是SSL? – Jonesome 2014-12-02 22:30:13
是的,'ssvTLSv1'僅限於TLS 1.0。較新版本的Indy也支持TLS v1.1和TLS v1.2。我不知道它會對日誌有什麼影響。這是OpenSSL的日誌,而不是Indy的日誌。 – 2014-12-02 23:30:47
我們現在的問題是日誌。當我們認爲它實際上在做TLS時,日誌充滿了對SSLv3的引用。我們應該做什麼?? (在1分鐘內修改OP) – Jonesome 2014-12-02 23:41:36