SSL SNI (Server Name Indication) works with TLS 1.2 but is rejected by the server on TLS 1.0
Here is the Wireshark output:
1) TLS v1.0, the server raises an unsupported extension (110) alert:
2) TLS v1.2 works fine, as expected:
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 78
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 74
        Version: TLS 1.2 (0x0303)
        Random
        Session ID Length: 0
        Cipher Suites Length: 8
        Cipher Suites (4 suites)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
        Compression Methods Length: 1
        Compression Methods (1 method)
            Compression Method: null (0)
        Extensions Length: 25
        Extension: server_name
            Type: server_name (0x0000)
            Length: 21
            Server Name Indication extension
                Server Name list length: 19
                Server Name Type: host_name (0)
                Server Name length: 16
                Server Name: www.google.co.uk
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 85
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 81
        Version: TLS 1.2 (0x0303)
        Random
        Session ID Length: 32
        Session ID: c702788e7eaea1da30876968caedd785819c304da7e08bde...
        Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
        Compression Method: null (0)
        Extensions Length: 9
        Extension: renegotiation_info
            Type: renegotiation_info (0xff01)
            Length: 1
            Renegotiation Info extension
        Extension: server_name
            Type: server_name (0x0000)
            Length: 0
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 4
    Handshake Protocol: Server Hello Done
        Handshake Type: Server Hello Done (14)
        Length: 0
TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 262
    Handshake Protocol: Client Key Exchange
        Handshake Type: Client Key Exchange (16)
        Length: 258
        RSA Encrypted PreMaster Secret
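It then goes on to complete the handshake successfully.
I know SNI was introduced after the TLS v1.0 RFC, but from my reading that should not prevent SNI from working on v1.0.
[Before anyone suggests just updating to TLS v1.2 - I would love to, but I am constrained by space/memory limits on the old client at the moment.
For reference, this is a .NET Compact Framework client running on Windows CE.]

It turned out to be a bug in the [older] BouncyCastle C# port, fixed in the latest BC version.
Thanks to Steffen Ullrich.

Are you sure the alert is generated by the server and not the client? It is very unusual for such an alert to be sent after the Server Hello Done and before the client has sent any new message. Apart from that, I have no problem accessing google.co.uk using SNI, TLS 1.0 and the same ciphers with OpenSSL.

@SteffenUllrich Yes, OpenSSL works fine. I will revisit the TLS client code, thanks for the tip. This is the C# port of BouncyCastle, by the way.

Has the problem been solved? If so, please click the check mark so that it turns green, to mark it as solved.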
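The extension bookkeeping behind an unsupported_extension (110) alert, as an added example that is not part of the original thread and is not BouncyCastle's code. It rebuilds the Client Hello from the field values in the capture, then applies the client-side rule (RFC 5246, section 7.4.1.4) that a Server Hello may only carry extensions the client offered, counting TLS_EMPTY_RENEGOTIATION_INFO_SCSV as an offer of renegotiation_info (RFC 5746). The function names and the zeroed random are assumptions, and the example makes no claim about what the BouncyCastle bug actually was.

```python
import struct

SERVER_NAME, RENEGOTIATION_INFO = 0x0000, 0xFF01
EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
UNSUPPORTED_EXTENSION = 110  # TLS alert description

def sni_extension(host):
    """server_name extension laid out as in the Client Hello above."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name (0)
    body = struct.pack("!H", len(entry)) + entry            # server name list
    return struct.pack("!HH", SERVER_NAME, len(body)) + body

def client_hello(version, suites, extensions):
    """Handshake message of type 1; the random is zeroed (constructed sample)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # empty session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                      # null compression
    body += struct.pack("!H", len(extensions)) + extensions
    return b"\x01" + len(body).to_bytes(3, "big") + body

def parse_extensions(block):
    """Return [(type, data)] from an extensions block without its length prefix."""
    out, i = [], 0
    while i < len(block):
        if i + 4 > len(block):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", block, i)
        if i + 4 + elen > len(block):
            raise ValueError("truncated extension body")
        out.append((etype, block[i + 4:i + 4 + elen]))
        i += 4 + elen
    return out

def check_server_extensions(offered_ext, offered_suites, server_ext):
    """Return None if acceptable, else the alert the client must send."""
    allowed = {t for t, _ in parse_extensions(offered_ext)}
    if EMPTY_RENEGOTIATION_INFO_SCSV in offered_suites:
        allowed.add(RENEGOTIATION_INFO)  # the SCSV stands in for the extension
    for etype, _ in parse_extensions(server_ext):
        if etype not in allowed:
            return UNSUPPORTED_EXTENSION
    return None

SUITES = [0x0039, 0x0033, 0x002F, 0x00FF]             # values from the capture
CLIENT_EXT = sni_extension("www.google.co.uk")
# Server Hello extensions from the capture: renegotiation_info, empty server_name
SERVER_EXT = bytes.fromhex("ff01000100" "00000000")
```

The message has the same size with version 0x0301 as with 0x0303, and the acceptance check never looks at the version, so a correct client accepts the same Server Hello extensions on TLS 1.0.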