Comments (5)
TASSL 输出
bash-4.4# bin/openssl version
OpenSSL 1.1.1b Tassl 1.4 23 Aug 2020
bash-4.4# bin/openssl
OpenSSL> ciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:ECC-SM4-SM3:ECDHE-SM4-SM3:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
from tongsuo.
我们实现的国密标准不一样,TASSL实现的标准为GM0024下的两个算法套件,即ECC-SM2-WITH-SM4-SM3
与ECDHE-SM2-WITH-SM4-SM3
,我们实现的是这个标准下的套件:https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-06 (即将成为rfc标准)
from tongsuo.
我们实现的国密标准不一样,TASSL实现的标准为GM0024下的两个算法套件,即
ECC-SM2-WITH-SM4-SM3
与ECDHE-SM2-WITH-SM4-SM3
,我们实现的是这个标准下的套件:https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-06 (即将成为rfc标准)
我尝试对比了一下 TASSL & BabaSSL ciphers
输出,发现 BabaSSL 其实将官方TLSv1.3 ciphersuites的 TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:
替换成了 TLS_SM4_CCM_SM3:TLS_SM4_GCM_SM3:
;(真正实现 TLS 1.3 层面上的 SM 密码套件)
而 TASSL 相当于扩展了现有(TLS 1.2及以下)的算法套件:ECC-SM2-WITH-SM4-SM3
(ECC-SM4-SM3) 和 ECDHE-SM2-WITH-SM4-SM3
(ECDHE-SM4-SM3)
不知道我的理解是不是有偏差?
from tongsuo.
发现 BabaSSL 其实将官方TLSv1.3 ciphersuites的
TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:
替换成了TLS_SM4_CCM_SM3:TLS_SM4_GCM_SM3:
大致上没有问题,纠正一个小错误:我们不是替换,而是新增了两个国密算法的标准ciphersuites,更细节的部分,你可以阅读这个draft:https://tools.ietf.org/html/draft-yang-tls-tls13-sm-suites-06
TASSL与我们实现的不是同一份标准,而是GM0024标准,细节见这个文档:http://www.gmbz.org.cn/main/viewfile/20180110021416665180.html
from tongsuo.
已回答,关闭。
from tongsuo.
Related Issues (20)
- 缺乏ALPN的支持。
- 请问对称加密是否考虑支持 sm4-gcm HOT 2
- sm2 failure and Legacy X25519 PKEY fails in SSL handshake HOT 5
- 用硬算法engine加速SM2签名验签算法时,EVP_PKEY_METHOD的ctrl 和 ctrl_str函数中的 EVP_PKEY_CTRL_SET1_ID消息需要怎么处理?
- 在arm平台下tongsuo与openssl在国密上的性能对比 HOT 2
- 集成了铜锁的nginx,标准ssl反代国密,或者国密反代标准ssl,都访问不了,是什么原因?
- 谁在使用铜锁 Who is Using Tongsuo HOT 3
- 如何获取 peer enc_certificate 跟 peer sign_certificate?
- 在openEuler-22.03-LTS-loongarch64下编译和安装铜锁成功,可是执行tongsuo命令失败 HOT 1
- openssl 3.0相比1.1.1.有严重的性能问题,tongsuo基于3.0,会有这个问题吗? HOT 1
- 客户端代码使用ECDHE-SM2-WITH-SM4-SM3报错 HOT 1
- 临时目录编译不支持--symbol-prefix BABA_
- 请问铜锁支持国密双证书或单证书的 DTLS 吗?
- 请问8.4.0版本如何启用旧的算法支持?
- 请问该项目的avasdk会按照《GMT_0010-2012 SM2 密码算法加密签名消息语法规范》标准实现数字签名和数字信封的p7的封装吗
- 为什么NTLS会出现两个application data报文,SSL_write只写了一次且报文只有17字节
- 为什么Ntls不支持动态证书?
- 谁配过ssl_crl,为啥我配置后,客户端得到400的状态码错误
- 连接测试网站报错 HOT 1
- NTLS测试证书链验证失败,为什么能继续通信
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tongsuo.