我们正在进行一些测试,包括使用Indy 9(我们为某些项目锁定)和Indy 10.Delphi Indy 9和10:TraceSSL:TLS的日志是什么样的?
我们需要验证是否正在进行TLS连接。
使用TraceSSL标志,我们正在查看日志。
我们如何判断(某些情况下)连接是否为TLS 1.0?
这似乎对我们来说,是唯一的SSL V3(但为什么没有提到TLS的最后一行):
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Cipher: name = RC4-SHA; description = RC4-SHA SSLv3 Kx=RSA
Au=RSA Enc=RC4(128) Mac=SHA1; bits = 128; version = TLSv1/SSLv3;
这一次,我们认为是TLS 1.0,但日志是什么但明确的(它为什么说SSLv3的最后一行):
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client key exchange A"
SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Cipher: name = DHE-RSA-AES256-SHA; description = DHE-RSA-AES256-SHA
SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1; bits = 256; version = TLSv1/SSLv3;
以下日志Indy10,基于密码,我们相信它是TLS,但日志说的SSLv3遍:
SSL Version: sslvTLSv1_2
Resolving hostname #####.
Connecting to ############.
SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client key exchange A"
SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
Cipher: name = AES128-SHA256;
description = AES128-SHA256
TLSv1.2 Kx=RSA
Au=RSA Enc=AES(128)
Mac=SHA256
; bits = 128; version = TLSv1/SSLv3;
最后,如果以上都不是TLS,那么我们需要知道,关于SSLOptions和其他标志,才能使其达到TLS?
谢谢!
谢谢! sslvTLSv1总是强制TLS,对吧?那安全吗?那么记录会清楚地表明它是TLS而不是SSL? – Jonesome 2014-12-02 22:30:13
是的,'ssvTLSv1'仅限于TLS 1.0。较新版本的Indy也支持TLS v1.1和TLS v1.2。我不知道它会对日志有什么影响。这是OpenSSL的日志,而不是Indy的日志。 – 2014-12-02 23:30:47
我们现在的问题是日志。当我们认为它实际上在做TLS时,日志充满了对SSLv3的引用。我们应该做什么?? (在1分钟内修改OP) – Jonesome 2014-12-02 23:41:36