1. 首頁
  2. 問答
  3. Delphi Indy 9和10:TraceSSL:TLS的日誌是什麼樣的?

Delphi Indy 9和10:TraceSSL:TLS的日誌是什麼樣的?

2014-12-02 64 views
-1

我們正在進行一些測試,包括使用Indy 9(我們爲某些項目鎖定)和Indy 10.Delphi Indy 9和10:TraceSSL:TLS的日誌是什麼樣的?

我們需要驗證是否正在進行TLS連接。

使用TraceSSL標誌,我們正在查看日誌。

我們如何判斷(某些情況下)連接是否爲TLS 1.0?

這似乎對我們來說,是唯一的SSL V3(但爲什麼沒有提到TLS的最後一行):

SSL status: "SSLv3 write finished A" 
SSL status: "SSLv3 flush data" 
SSL status: "SSLv3 read finished A" 
SSL status: "SSL negotiation finished successfully" 
SSL status: "SSL negotiation finished successfully" 
Cipher: name = RC4-SHA; description = RC4-SHA    SSLv3 Kx=RSA  
Au=RSA Enc=RC4(128) Mac=SHA1; bits = 128; version = TLSv1/SSLv3;

這一次,我們認爲是TLS 1.0,但日誌是什麼但明確的(它爲什麼說SSLv3的最後一行):

SSL status: "SSLv3 read server done A" 
SSL status: "SSLv3 write client key exchange A" 
SSL status: "SSLv3 write change cipher spec A" 
SSL status: "SSLv3 write finished A" 
SSL status: "SSLv3 flush data" 
SSL status: "SSLv3 read finished A" 
SSL status: "SSL negotiation finished successfully" 
SSL status: "SSL negotiation finished successfully" 
Cipher: name = DHE-RSA-AES256-SHA; description = DHE-RSA-AES256-SHA  
SSLv3 Kx=DH  Au=RSA Enc=AES(256) Mac=SHA1; bits = 256; version = TLSv1/SSLv3;

以下日誌Indy10,基於密碼,我們相信它是TLS,但日誌說的SSLv3遍:

SSL Version: sslvTLSv1_2 
Resolving hostname #####. 
Connecting to ############. 
SSL status: "before/connect initialization" 
SSL status: "before/connect initialization" 
SSL status: "SSLv3 write client hello A" 
SSL status: "SSLv3 read server hello A" 
SSL status: "SSLv3 read server certificate A" 
SSL status: "SSLv3 read server done A" 
SSL status: "SSLv3 write client key exchange A" 
SSL status: "SSLv3 write change cipher spec A" 
SSL status: "SSLv3 write finished A" 
SSL status: "SSLv3 flush data" 
SSL status: "SSLv3 read finished A" 
SSL status: "SSL negotiation finished successfully" 
SSL status: "SSL negotiation finished successfully" 
Cipher: name = AES128-SHA256; 
description = AES128-SHA256   
TLSv1.2 Kx=RSA  
Au=RSA Enc=AES(128) 
Mac=SHA256 
; bits = 128; version = TLSv1/SSLv3;

最後,如果以上都不是TLS,那麼我們需要知道,關於SSLOptions和其他標誌,才能使其達到TLS?

謝謝!

來源

2014-12-02 Jonesome

回答

1

要使用TLS V1,你需要設置SSLOptions.MethodsslvTLSv1(在印第安納波利斯10,則可以選擇能夠在SSLOptions.SSLVersions屬性,它取代了SSLOptions.Method財產sslvTLSv1)。

來源

2014-12-02 22:29:00

+0

謝謝! sslvTLSv1總是強制TLS,對吧?那安全嗎?那麼記錄會清楚地表明它是TLS而不是SSL? – Jonesome 2014-12-02 22:30:13

+0

是的,'ssvTLSv1'僅限於TLS 1.0。較新版本的Indy也支持TLS v1.1和TLS v1.2。我不知道它會對日誌有什麼影響。這是OpenSSL的日誌,而不是Indy的日誌。 – 2014-12-02 23:30:47

+0

我們現在的問題是日誌。當我們認爲它實際上在做TLS時,日誌充滿了對SSLv3的引用。我們應該做什麼?? (在1分鐘內修改OP) – Jonesome 2014-12-02 23:41:36

0

花了一些分鐘,但我們現在看到,知道正在使用的TLS ver的唯一方法是查看所使用的密碼,然後在openssl密碼列表中查看該密碼。至少這部分是在控制之下。

加密表:https://www.openssl.org/docs/apps/ciphers.html

來源

2014-12-03 00:32:46 Jonesome

相關問題

 相關問題