For a site offering TLS1.2 and TLS 1.3 with RSA and EC certificates, with 1.1.1,
`openssl s_client -cipher aRSA -tls1_2` delivers over TLS 1.2 the RSA certificate,
`openssl s_client -cipher aECDSA -tls1_2` delivers over TLS 1.2 the ECDSA certificate,
and just `openssl s_client` delivers over TLS 1.3 the ECDSA certificate.
But if the site offers TLS 1.2 and TLS 1.3 only with RSA certificate, `openssl s_client` delivers over TLS 1.3 the RSA certificate.
How can `openssl s_client` deliver request over TLS 1.3 the RSA certificate, when the server has both EC and RSA certificates?
Thanks for the hint, but I still cannot achieve what I want.
For TLS 1.3, https://www.openssl.org/docs/man1.1.1/man1/ciphers.html lists under “TLS v1.3 cipher suites” 10 suites.
`openssl ciphers -tls1_3` lists many more suites.
How shall this be changed
openssl s_client -tls1_3 -ciphersuites TLS_AES_256_GCM_SHA384 -connect autoconfig.aegee.org:443
so that it delivers an RSA certificate (Peer signature type: RSA-PSS) instead of an ECDSA certificate (Peer signature type: ECDSA)?
For TLS 1.2 the magic is done by
openssl s_client -tls1_2 -cipher aRSA -connect autoconfig.aegee.org:443
openssl s_client -tls1_2 -cipher aECDSA -connect autoconfig.aegee.org:443
It only lists 5 ciphers for TLS 1.3. As you can see, none of them
mention RSA or ECDSA, because it's not part of the ciphersuite
anymore.
Instead, it depends on the supported signature algorithms. Try
with "-sigalgs RSA-PSS+SHA512".
Fetch with s_client over TLS 1.3 explicitly the RSA certificate
Oct 9, 2019
This works:
openssl s_client -tls1_3 -sigalgs "RSA-PSS+SHA512" -connect autoconfig.aegee.org:443
openssl s_client -tls1_3 -sigalgs "RSA-PSS+SHA256" -connect autoconfig.aegee.org:443
openssl s_client -tls1_2 -sigalgs "RSA-PSS+SHA512" -connect autoconfig.aegee.org:443
openssl s_client -tls1_2 -sigalgs "RSA-PSS+SHA256" -connect autoconfig.aegee.org:443
openssl s_client -sigalgs "RSA+SHA256" -connect autoconfig.aegee.org:443
openssl s_client -sigalgs "RSA+SHA512" -connect autoconfig.aegee.org:443
Is there a way to get the RSA signature, without sticking to SHA256/SHA512 (with any signing digest)?
This also works:
openssl s_client -sigalgs "RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256" -connect autoconfig.aegee.org:443
but prints “Peer signing digest: SHA256”.
I don't understand your question. Do you mean the signature type?
That gets printed for me.
Note that the last 2 don't work for me, since TLS 1.3 requires the
PSS type. The others print:
Peer signing digest: SHA256 (or SHA512)
Peer signature type: RSA-PSS
It's the server that picks it from what is offered by the client,
and server has the order sha256, sha384, sha512.
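The behaviour discussed above, reproduced offline as an added example that is not part of the original thread: a throwaway localhost `s_server` holding both an RSA and an ECDSA certificate is probed over TLS 1.3 with different `-sigalgs` lists. The port, file names, CNs and function names are assumptions made for this lab.

```bash
#!/usr/bin/env bash
# Constructed lab: a localhost TLS 1.3 server holding BOTH an RSA and an ECDSA
# certificate, probed with different -sigalgs lists. Port, file names and
# CNs are assumptions made for this example.

LAB_DIR=""; LAB_PID=""

lab_start() {  # $1 = TCP port on 127.0.0.1
  LAB_DIR=$(mktemp -d)
  # Throwaway self-signed certificates, one per key type.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=lab-rsa" \
    -keyout "$LAB_DIR/rsa.key" -out "$LAB_DIR/rsa.crt" 2>/dev/null
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -days 1 -subj "/CN=lab-ec" \
    -keyout "$LAB_DIR/ec.key" -out "$LAB_DIR/ec.crt" 2>/dev/null
  # -cert/-key load the RSA pair, -dcert/-dkey the additional ECDSA pair.
  openssl s_server -accept "127.0.0.1:$1" -tls1_3 -www \
    -cert "$LAB_DIR/rsa.crt" -key "$LAB_DIR/rsa.key" \
    -dcert "$LAB_DIR/ec.crt" -dkey "$LAB_DIR/ec.key" >/dev/null 2>&1 &
  LAB_PID=$!
  sleep 1  # give the listener time to bind
}

lab_stop() {
  kill "$LAB_PID" 2>/dev/null || true
  wait "$LAB_PID" 2>/dev/null || true
  rm -rf "$LAB_DIR"
}

# Print the "Peer signature type" the server used, or nothing if the
# handshake failed. $1 = port, $2 = value for -sigalgs.
probe_sigtype() {
  openssl s_client -tls1_3 -sigalgs "$2" -connect "127.0.0.1:$1" \
    </dev/null 2>/dev/null | sed -n 's/^Peer signature type: //p'
}

# Run the comparison when called as: ./lab.sh demo [port]
if [ "${1:-}" = "demo" ]; then
  port="${2:-44330}"
  lab_start "$port"
  # RSA+SHA256 (PKCS#1 v1.5) cannot sign a TLS 1.3 handshake, so it yields nothing.
  for s in "RSA-PSS+SHA256" "ECDSA+SHA256" "RSA+SHA256"; do
    printf '%-16s -> %s\n' "$s" "$(probe_sigtype "$port" "$s")"
  done
  lab_stop
fi
```

Offering only RSA-PSS algorithms leaves the server no ECDSA option, which is why it falls back to the RSA certificate.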
With -sigalgs the caller has to specify both signing digest (sha256,sha512,sha384) AND signature type (RSA-PSS, ECDSA).
Is there a way to specify only the signature type to s_client (so without +SHA256/+SHA512/+SHA384)?
I wrote "RSA+SHA512"/"RSA+SHA256", but I meant "RSA-PSS+SHA512"/"RSA-PSS+SHA256".
I mean, the universal way to extract the RSA signature for any server from s_client is to call `-sigalgs "RSA-PSS+SHA512:RSA-PSS+SHA384:RSA-PSS+SHA256:RSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA224:RSA+SHA1"`. Can’t this be shortened?
Why does
printf 'A1 CAPABILITIES' | openssl s_client -crlf -ign_eof -connect imap.fastmail.com:993 -showcerts -verify 6 -sigalgs 'ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512'
print just
verify depth is 6
139722479514112:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
CONNECTED(00000003)
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 243 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
printf 'A1 CAPABILITIES' | openssl s_client -crlf -ign_eof -connect imap.gmail.com:993 -showcerts -verify 6 -sigalgs 'ECDSA+SHA1:ECDSA+SHA224:ECDSA+SHA384:ECDSA+SHA256:ECDSA+SHA512'
print much more:
verify depth is 6
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
verify return:1
139662963134976:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
CONNECTED(00000003)
Certificate chain
0 s:C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
i:C = US, O = Google Trust Services, CN = GTS CA 1O1
1 s:C = US, O = Google Trust Services, CN = GTS CA 1O1
i:OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
Server certificate
subject=C = US, ST = California, L = Mountain View, O = Google LLC, CN = imap.gmail.com
issuer=C = US, O = Google Trust Services, CN = GTS CA 1O1
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
SSL handshake has read 2727 bytes and written 240 bytes
Verification: OK
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
while both fail?