Delphi Berlin TIdHTTPServer (Indy 10) [https/ssl/tls]: obsolete key exchange (RSA) and client-initiated renegotiation vulnerability

ar0*_*968 · score 5 · tags: delphi, ssl, indy, idhttp, tls1.2

I have an IdHTTPServer and I want to add support for handling both HTTP and HTTPS requests. This is my code:

  // Server-side OpenSSL IOHandler with the certificate, private key and CA chain
  FSSLHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
  FSSLHandler.SSLOptions.CertFile     := 'certificate.pem';
  FSSLHandler.SSLOptions.KeyFile      := 'key.pem';
  FSSLHandler.SSLOptions.RootCertFile := 'chain.pem';

  // Listen on 443 and hand the TLS handler to the HTTP server
  FIdHTTPServer.Bindings.Add.Port := 443;
  FIdHTTPServer.IOHandler := FSSLHandler;

  FIdHTTPServer.Active := True;

In my server directory I have the OpenSSL DLLs (ssleay32.dll, v1.0.2l, Win32) downloaded from http://indy.fulgan.com/SSL/.

When I make a request from Chrome, the Security tab of the developer tools shows:

[image: screenshot of the Chrome developer tools Security tab]

In addition, analysing the server with sslyze reports some other security issues (see the VULNERABLE labels):

> sslyze --regular local.XXXXXXXXXXXXXX.com:4343

SCAN RESULTS FOR LOCAL.XXXXXXXXXXXXXX.COM:4343 - 127.0.0.1
 --------------------------------------------------------

 * SSLV2 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1_1 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits                                                                  
        TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits                                                                  

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.

 * TLSV1 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                                                  
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits                                                                  

 * Deflate Compression:
                                          OK - Compression disabled

 * Downgrade Attacks:
       TLS_FALLBACK_SCSV:                 OK - Supported

 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed

 * OpenSSL CCS Injection:
                                          OK - Not vulnerable to OpenSSL CCS injection

 * Session Renegotiation:
       Client-initiated Renegotiation:    VULNERABLE - Server honors client-initiated renegotiations
       Secure Renegotiation:              OK - Supported

 * Resumption Support:
      With Session IDs:                  OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
      With TLS Tickets:                  OK - Supported

 * TLSV1_2 Cipher Suites:
     Preferred:
        None - Server followed client cipher suite preference.                                                            
     Accepted:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   -              256 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA                 -              256 bits                                                                  
        TLS_RSA_WITH_AES_256_CBC_SHA                      -              256 bits                                                                  
        TLS_RSA_WITH_AES_256_CBC_SHA256                   -              256 bits                                                                  
        TLS_RSA_WITH_AES_128_GCM_SHA256                   -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits                                                                  
        TLS_RSA_WITH_SEED_CBC_SHA                         -              128 bits                                                                  
        TLS_RSA_WITH_AES_128_CBC_SHA256                   -              128 bits                                                                  
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA                 -              128 bits                                                                  

 * Certificate Information:
     Content
       SHA1 Fingerprint:                  47d0385fb45a82a91f9d8639ea222191adb12719
       Common Name:                       *.XXXXXXXXXXXXXX.com
       Issuer:                            XXXXXXXX RSA Domain Validation Secure Server CA
       Serial Number:                     10462331755053598199612105214047533723
       Not Before:                        2017-09-20 00:00:00
       Not After:                         2020-09-19 23:59:59
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          2048
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     ['*.XXXXXXXXXXXXXX.com', 'XXXXXXXXXXXXXX.com']

     Trust
       Hostname Validation:               OK - Certificate matches local.XXXXXXXXXXXXXX.com
       AOSP CA Store (7.0.0 r1):          OK - Certificate is trusted
       Apple CA Store (OS X 10.11.6):     OK - Certificate is trusted
       Java 7 CA Store (Update 79):       OK - Certificate is trusted
       Microsoft CA Store (09/2016):      OK - Certificate is trusted
       Mozilla CA Store (09/2016):        OK - Certificate is trusted
       Received Chain:                    *.XXXXXXXXXXXXXX.com --> XXXXXXXX RSA Domain Validation Secure Server CA --> XXXXXXXX RSA Certification Authority
       Verified Chain:                    *.XXXXXXXXXXXXXX.com --> XXXXXXXX RSA Domain Validation Secure Server CA --> XXXXXXXX RSA Certification Authority
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     OCSP Stapling
                                          NOT SUPPORTED - Server did not send back an OCSP response.


 SCAN COMPLETED IN 1.34 S
 ------------------------

I tried to fix the problem by setting CipherList and Method as follows:

  FSSLHandler.SSLOptions.Method      := sslvTLSv1_2;
  FSSLHandler.SSLOptions.Mode        := sslmUnassigned;
  FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
  // OpenSSL cipher-string syntax, passed through to the SSL context
  FSSLHandler.SSLOptions.CipherList  := 'TLSv1:TLSv1.2:SSLv3:!RC4:!NULL-MD5:!NULL-SHA:!NULL-SHA256:!DES-CBC-SHA:!DES-CBC3-SHA:!IDEA-CBC-SHA';

But the errors remain.

How can I fix the obsolete key exchange (RSA) reported by Chrome and the client-initiated renegotiation vulnerability reported by sslyze?

Side note: I would like to implement SSL on the Indy server by following the most common best practices, e.g. https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices

Following https://cipherli.st/ I also tried:

  FSSLHandler.SSLOptions.Method      := sslvTLSv1_2;
  FSSLHandler.SSLOptions.Mode        := sslmUnassigned;
  FSSLHandler.SSLOptions.SSLVersions := [sslvTLSv1_2];
  // Forward-secrecy-only list (ECDHE/DHE with AES-GCM or AES-256) taken from cipherli.st
  FSSLHandler.SSLOptions.CipherList  := 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

But it raised an exception:

Error accepting connection with SSL. error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

IdSSLOpenSSL.pas, line 3563:

// RLebeau: if this socket's IOHandler was cloned, no need to reuse the
// original IOHandler's active session ID, since this is a server socket
// that generates its own sessions...
error := SSL_accept(fSSL);
if error <= 0 then begin
  EIdOSSLAcceptError.RaiseException(fSSL, error, RSSSLAcceptError); // EXCEPTION HERE
end;
if Supports(fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then 
begin
  LParentIO := LHelper.GetIOHandlerSelf;
  if LParentIO <> nil then begin
    StatusStr := 'Cipher: name = ' + Cipher.Name + '; ' +    {Do not Localize}
               'description = ' + Cipher.Description + '; ' +    {Do not Localize}
               'bits = ' + IntToStr(Cipher.Bits) + '; ' +    {Do not Localize}
               'version = ' + Cipher.Version + '; ';    {Do not Localize}
    LParentIO.DoStatusInfo(StatusStr);
  end;
  LHelper := nil;
end;

The Indy server does not seem to accept the CipherList the same way Apache does. The official documentation is vague:

TIdSSLOptions.CipherList property

Pascal

    property CipherList: String;

Description

CipherList is a published String property. Write access to the property is implemented using fCipherList.
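The two findings in the question (every accepted suite is TLS_RSA_WITH_*, i.e. static RSA key exchange without forward secrecy, which is what Chrome labels "obsolete", and a server that honours client-initiated renegotiation) can be checked mechanically before and after a configuration change. The script below is an added example, not code from the question, from Indy or from sslyze: it parses a constructed excerpt of the sslyze text output quoted above, classifies suites by the key exchange encoded in their IANA names, and expands a candidate CipherList string with the local OpenSSL through Python's ssl module. Indy hands the CipherList string to OpenSSL's own cipher-string parser, so this expansion shows which suites a list can select; whether the server actually negotiates ECDHE/DHE suites additionally depends on the server having ECDH/DH parameters configured (OpenSSL 1.0.2 does not set those automatically, and a list that contains only such suites then yields exactly the "no shared cipher" error shown). The assumed helper names are mine.

```python
"""Audit helpers for the two sslyze/Chrome findings discussed above.
Added example; not Indy or sslyze code."""
import re
import ssl

# Constructed excerpt of the sslyze output quoted in the question.
SSLYZE_OUTPUT = """\
 * TLSV1_2 Cipher Suites:
     Accepted:
        TLS_RSA_WITH_AES_256_GCM_SHA384                   -              256 bits
        TLS_RSA_WITH_AES_128_CBC_SHA                      -              128 bits

 * Session Renegotiation:
       Client-initiated Renegotiation:    VULNERABLE - Server honors client-initiated renegotiations
       Secure Renegotiation:              OK - Supported
"""

SUITE_RE = re.compile(r"^\s+(TLS_[A-Z0-9_]+)\s+-\s+\d+ bits", re.MULTILINE)
RENEG_RE = re.compile(r"Client-initiated Renegotiation:\s+(\w+)")


def iana_suite_has_forward_secrecy(name):
    """IANA names encode the key exchange. TLS_RSA_WITH_* encrypts the
    premaster secret to the certificate's RSA key, so a later key compromise
    decrypts recorded sessions; TLS_ECDHE_*/TLS_DHE_* use ephemeral keys,
    and TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always do."""
    return name.startswith(("TLS_ECDHE_", "TLS_DHE_", "TLS_AES_", "TLS_CHACHA20_"))


def audit_sslyze(text):
    """Summarise an sslyze text report: accepted suites, whether all of them
    are static-RSA, and whether client-initiated renegotiation is honoured."""
    suites = SUITE_RE.findall(text)
    static_rsa = [s for s in suites if not iana_suite_has_forward_secrecy(s)]
    m = RENEG_RE.search(text)
    reneg = m.group(1) if m else "UNKNOWN"
    return {
        "accepted": suites,
        "static_rsa_only": bool(suites) and len(static_rsa) == len(suites),
        "client_reneg_vulnerable": reneg == "VULNERABLE",
    }


def expand_cipher_list(cipher_list):
    """Expand an OpenSSL cipher string with the local OpenSSL (the same
    parser Indy's CipherList ends up in). Returns (name, kx, forward_secret)
    per suite; raises ssl.SSLError if the string selects nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_list)
    result = []
    for c in ctx.get_ciphers():
        # description looks like "AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1"
        m = re.search(r"Kx=(\S+)", c["description"])
        kx = m.group(1) if m else "?"
        fs = c["protocol"] == "TLSv1.3" or kx in ("ECDH", "DH")
        result.append((c["name"], kx, fs))
    return result


def all_forward_secret(cipher_list):
    """True when every suite the string selects uses an ephemeral key exchange."""
    return all(fs for _, _, fs in expand_cipher_list(cipher_list))


if __name__ == "__main__":
    print(audit_sslyze(SSLYZE_OUTPUT))
    for name, kx, fs in expand_cipher_list("EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"):
        print(f"{name:32} Kx={kx:5} forward secrecy={fs}")
```

Two practical notes on the findings themselves. Because secure renegotiation is reported as supported, the client-initiated renegotiation finding is a resource-exhaustion concern (each renegotiation costs the server a fresh handshake) rather than a confidentiality one; OpenSSL 1.0.2 has no option to refuse client renegotiation (SSL_OP_NO_RENEGOTIATION only arrived in OpenSSL 1.1.0h), so on that version the usual mitigation is an info callback that counts handshakes on an established connection and drops it when a client renegotiates. For the key exchange, the check above tells you what a list can select; confirm separately, with the actual server running, that the Indy build configures DH parameters (TIdSSLOptions exposes a DHParamsFile property) and an ECDH curve, since without them OpenSSL never picks the DHE/ECDHE suites no matter how the list is written.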