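SSL renegotiation attack detection

SSL renegotiation: an attack that exhausts an HTTPS server's performance by continuously renegotiating SSL keys.

How to test whether SSL renegotiation is disabled:

Connect to the SSL port with the openssl command and type R; if the connection is dropped, renegotiation is disabled.

The following output is from a server where it is disabled: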

# openssl s_client -connect 10.67.164.199:31943

Verify return code: 18 (self signed certificate)

R
RENEGOTIATING
139994761959080:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:615:

The following output is from a server where it is not disabled:

# openssl s_client -connect 10.67.164.199:31943

Verify return code: 18 (self signed certificate)

R
RENEGOTIATING
depth=0 C = CH, ST = ShenZhen, L = ShenZhen, O = Techstar, OU = Developer, CN = 10.66.49.232
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, ST = ShenZhen, L = ShenZhen, O = Techstar, OU = Developer, CN = 10.66.49.232
verify return:1
^C
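
The manual check above can be scripted. The following is an added example, not part of the original post: the function names, the -tls1_2 flag and the sleep timings are assumptions introduced here, and the classifier only recognises the two output patterns shown in the transcripts above.

```shell
#!/bin/sh
# Added example (not from the original post): script the manual "R" check.

# Read `openssl s_client` output on stdin and report what followed the
# RENEGOTIATING line:
#   disabled  an OpenSSL error or handshake failure was reported
#   enabled   the certificate was verified again, so a new handshake ran
#   unknown   neither pattern appeared (for example, R was never processed)
classify_reneg() {
    awk '
        /^RENEGOTIATING/ { seen = 1; next }
        seen && result == "" && /handshake failure|:error:/ { result = "disabled" }
        seen && result == "" && /^verify return:/           { result = "enabled" }
        END { print (result == "" ? "unknown" : result) }
    '
}

# check_reneg HOST PORT: send "R" once and classify the server's reaction.
# Assumptions added here: -tls1_2 (TLS 1.3 has no renegotiation) and the
# sleeps, which keep stdin open while both handshakes run. stderr is merged
# because s_client writes the verify and error lines there.
check_reneg() {
    (sleep 2; echo R; sleep 3) |
        openssl s_client -connect "$1:$2" -tls1_2 2>&1 |
        classify_reneg
}

# The two transcripts shown in the post, for an offline run.
sample_disabled() {
    cat <<'EOF'
Verify return code: 18 (self signed certificate)
R
RENEGOTIATING
139994761959080:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:615:
EOF
}

sample_enabled() {
    cat <<'EOF'
Verify return code: 18 (self signed certificate)
R
RENEGOTIATING
depth=0 C = CH, ST = ShenZhen, L = ShenZhen, O = Techstar, OU = Developer, CN = 10.66.49.232
verify error:num=18:self signed certificate
verify return:1
EOF
}

# With HOST and PORT arguments, run the check against that server.
if [ "$#" -eq 2 ]; then check_reneg "$1" "$2"; fi
```

A result of "unknown" means the output matched neither transcript, so the session should be inspected by hand.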
