使用BCryptAddContextFunction和BCryptRemoveContextFunction为TLS 1.2的Schannel密码套件排定优先级
我有一份密码套件清单，我的服务器只应该接受其中的套件。例如，我只想让系统处理以下套件：“TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256”、“TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256”、“TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384”。我试着使用了来自中国的样品，但是这只在理论上有效：
// for visual c++
#include <stdio.h>
#include <windows.h>
#include <bcrypt.h>
#pragma comment(lib, "Bcrypt.lib")
#ifndef NT_SUCCESS
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)
#endif
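/*
 * Insert one cipher suite at the top of the Schannel ("SSL") priority list
 * in the local-machine configuration (CRYPT_LOCAL) and echo its name.
 *
 * wszCipher: NUL-terminated wide-character suite name, for example
 *            L"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".
 *
 * Failures are only reported on stdout; nothing is returned to the caller.
 *
 * NOTE(review): this call adds or re-prioritises a suite, it does not disable
 * anything. Suites already in the list stay negotiable, so an allow-list is
 * only enforced once every unwanted suite has also been removed with
 * BCryptRemoveContextFunction (see removeSth).
 * NOTE(review): the change is machine-wide, presumably needs an elevated
 * process, and a configured "SSL Cipher Suite Order" group policy is expected
 * to take precedence over this local list -- confirm on the target host.
 */
void addToTop(LPWSTR wszCipher){
    /* The BCrypt configuration functions return NTSTATUS, so the file's
     * NT_SUCCESS macro is the matching success test. */
    NTSTATUS Status;

    if (wszCipher == NULL)
    {
        printf_s("\n**** Error: no cipher suite name passed to addToTop\n");
        return;
    }

    /* Print the name through a fixed format string. Passing it as the format
     * itself would let any '%' in the name be read as a conversion. */
    wprintf_s(L"%ls", wszCipher);
    printf_s("\r\n");

    Status = BCryptAddContextFunction(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        wszCipher,
        CRYPT_PRIORITY_TOP);
    if (!NT_SUCCESS(Status))
    {
        /* %x expects unsigned int; cast so the argument matches the format. */
        printf_s("\n**** Error 0x%x returned by BCryptAddContextFunction\n", (unsigned int)Status);
    }
}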
/*
 * Print every function name registered under the "SSL" context of the
 * local-machine configuration, one per line and in the order the API
 * returns them, then wait for a character on stdin.
 *
 * Use the output to check which suites are still enabled and in what order
 * after the list has been modified.
 */
void printCipherSuites()
{
    PCRYPT_CONTEXT_FUNCTIONS suites = NULL;
    DWORD byteCount = 0;

    /* A NULL buffer pointer makes the API allocate the result itself, which
     * is why it is released with BCryptFreeBuffer below. */
    HRESULT rc = BCryptEnumContextFunctions(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        &byteCount,
        &suites);

    if (FAILED(rc))
    {
        printf_s("\n**** Error 0x%x returned by BCryptEnumContextFunctions\n", rc);
    }
    else if (suites == NULL)
    {
        printf_s("\n**** Error pBuffer returned from BCryptEnumContextFunctions is null");
    }
    else
    {
        UINT i = 0;
        while (i < suites->cFunctions)
        {
            /* %S in a narrow printf prints a wide-character string (MSVC). */
            printf_s("\n%S", suites->rgpszFunctions[i]);
            ++i;
        }
    }

    /* Common exit path: release the list if one was returned. */
    if (suites != NULL)
    {
        BCryptFreeBuffer(suites);
    }

    /* Keep the console window open until a key is pressed. */
    getchar();
}
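/*
 * Remove TLS_RSA_WITH_AES_128_CBC_SHA256 from the Schannel ("SSL") list in
 * the local-machine configuration (CRYPT_LOCAL).
 *
 * Returns 0 when the suite was removed and 1 when
 * BCryptRemoveContextFunction failed. The failure status is also printed.
 *
 * NOTE(review): main() never calls this function, so the program as written
 * only adds suites and removes none. Restricting the server to a fixed set
 * of suites needs one removal per unwanted suite reported by
 * printCipherSuites.
 */
int removeSth()
{
    /* The API takes a read-only name, so keep the literal const-qualified. */
    LPCWSTR wszCipher = L"TLS_RSA_WITH_AES_128_CBC_SHA256";
    NTSTATUS Status;

    printf_s("\nRemoving TLS_RSA_WITH_AES_128_CBC_SHA256");

    Status = BCryptRemoveContextFunction(
        CRYPT_LOCAL,
        L"SSL",
        NCRYPT_SCHANNEL_INTERFACE,
        wszCipher);
    if (!NT_SUCCESS(Status))
    {
        printf_s("\n**** Error 0x%x returned by BCryptRemoveContextFunction\n", (unsigned int)Status);
        /* Report the failure so a caller does not assume the suite is gone. */
        return 1;
    }
    return 0;
}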
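/*
 * Move three ECDHE suites to the top of the local Schannel list, then print
 * the resulting list.
 *
 * NOTE(review): every call inserts at CRYPT_PRIORITY_TOP, so a later call
 * presumably lands above an earlier one and the effective order is the
 * reverse of the call order -- check it against the printed list.
 * NOTE(review): nothing is removed here, so all other enabled suites remain
 * negotiable after this program has run.
 */
int main(void)
{
    addToTop(L"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
    addToTop(L"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256");
    addToTop(L"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
    printCipherSuites();
    return 0;
}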
<代码> //用于Visual C++
#包括
#包括
#包括
#pragma注释(lib,“Bcrypt.lib”)
#ifndef NT_成功
#定义NT_成功(状态)((NTSTATUS)(状态)>=0)
#恩迪夫
void addToTop(LPWSTR wszCipher){
安全\状态状态=错误\成功;
wprintf_s(wszCipher);
打印文件(“\r\n”);
状态=BCryptAddContextFunction(
CRYPT_LOCAL,
L“SSL”,
NCRYPT_SCHANNEL_接口,
wszCipher,
地下室(优先级最高);
如果(失败(状态))
{
printf_s(“\n****BCryptAddContextFunction返回的错误0x%x”,状态);
}
}
作废打印密码套件()
{
HRESULT Status=错误\成功;
DWORD cbBuffer=0;
PCRYPT_CONTEXT_函数pBuffer=NULL;
状态=BCryptEnumContextFunctions(
CRYPT_LOCAL,
L“SSL”,
NCRYPT_SCHANNEL_接口,
&cbBuffer,
&pBuffer);
如果(失败(状态))
{
printf_s(“\n****BCryptEnumContextFunctions返回的错误0x%x”,状态);
去清理;
}
如果(pBuffer==NULL)
{
printf_s(“\n****从BCryptEnumContextFunctions返回的错误pBuffer为null”);
去清理;
}
对于(UINT index=0;index