这是一个创建于 436 天前的主题,其中的信息可能已经有所发展或是发生改变。
用他的 java sdk 总是 ssl 握手失败,查了一个下午发现是不支持 tls1.3 ,jdk1.8 在比较新的版本都是默认 tls1.3 的,版本对不上握手失败。
Starting Nmap 7.60 ( https://nmap.org ) at 2024-08-05 10:46 CST Nmap scan report for oapi.dingtalk.com (106.11.40.32) Host is up (0.014s latency). Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:50::b 2401:b180:2000:80::d 2401:b180:2000:70::e 2401:b180:2000:60::f PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server |_ least strength: A Nmap done: 1 IP address (1 host up) scanned in 6.92 seconds 第 1 条附言 2024-08-05 17:30:22 +08:00
更正:钉钉支持tls1.3,楼下有大佬帖了正确结果
之前判断有误因为是看了java debug的log,判断tls版本不匹配握手失败,加了参数-Djdk.tls.client.protocols=TLSv1.2 启动才能成功,接着又用了旧版nmap不支持tls1.3的去测试
javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520 javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2 第 2 条附言 2024-08-05 17:31:45 +08:00
程序为什么用 tls1.3 握手失败这个没研究清楚
 | 1 zengxs 2024-08-05 11:25:02 +08:00 TLS 版本都是自动协商的,不支持 1.3 会自动回退到 1.2 ,看看是不是环境的问题 |
 | 2 e3c78a97e0f8 2024-08-05 12:57:47 +08:00 国内不支持 TLS1.3 的网站多了去了 |
 | 3 fredcc 2024-08-05 13:00:48 +08:00  1 支持 tls 1.3 啊  |
 | 5 ethsol OP @fredcc 你是用什么测试的?我用命令 nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com |
 | 6 zealot 2024-08-05 14:21:51 +08:00 2 钉钉的域名支持 TLS1.3 ; 你的检测结果中没有显示 TLS 1.3 的原因是你用的 nmap 版本比较旧( 7.6 版本的 nmap 发布时候还没有 TLS 1.3 协议),换个最新版本 nmap 就可以。 你用的这个 nmap 版本号是 7.60 ,发布日期是 2017-07-31 详见: https://svn.nmap.org/nmap-releases/nmap-7.60/CHANGELOG 。 TLS 1.3 协议是 2018 年 8 月发布的,详见 IETF 文档: https://datatracker.ietf.org/doc/html/rfc8446 nmap 在 2021 年 12 月才支持了 TLS 1.3 ,详见代码提交记录: https://github.com/mzet-/Nmap-for-Pen-Testers/commit/f55c200783af64f2ecb286244056e83098d74e97 最新的 nmap 7.95 版本检测钉钉域名是支持 TLS 1.3 的: ``` $ nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-05 14:08 CST Nmap scan report for oapi.dingtalk.com (106.11.35.100) Host is up (0.047s latency). Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:80::d 2401:b180:2000:50::b 2401:b180:2000:60::f 2401:b180:2000:70::e PORT STATE SERVICE 443/tcp open https | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA84 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | compressors: | NULL | cipher preference: server | TLSv1.3: | ciphers: | TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A | TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A | TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A | TLS_AKE_WITH_SM4_CCM_SM3 (ecdh_x25519) - A | TLS_AKE_WITH_SM4_GCM_SM3 (ecdh_x25519) - A | cipher preference: server |_ least strength: A Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds ``` SSL Labs 检测结果也同样显示支持 TLS 1.3: https://www.ssllabs.com/ssltest/analyze.html?d=oapi.dingtalk.com p.s. 这个域名还在支持 TLS 1.0 和 TLS 1.1 的原因是还有很多企业不支持更高版本的 TLS 。不过安全团队针对低版本的 TLS 的加密套件做了定制,剔除一些低版本中有重大风险的加密套件。  ) |
| 7 ethsol OP @zealot 疏忽了,原来 nmap 旧版的原因 不过从 java debug 看的确是 tls 版本不对所以握手失败,也没有回退到 1.2 ``` javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520 javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2 ``` 另外从你的结果看,tls1.3 支持的加密套件没有 RSA 的,这个我有点疑惑啊,他的证书是用 RSA 签发吧 |
 | 8 CloudMx 2024-08-05 16:21:48 +08:00 可以的. ~ curl -v -I --tls-max 1.3 https://oapi.dingtalk.com * Host oapi.dingtalk.com:443 was resolved. * IPv6: (none) * IPv4: 106.11.43.136 * Trying 106.11.43.136:443... * Connected to oapi.dingtalk.com (106.11.43.136) port 443 * ALPN: curl offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /opt/anaconda3/ssl/cacert.pem * CApath: none * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS * ALPN: server accepted h2 * Server certificate: * subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com * start date: Apr 8 04:56:05 2024 GMT * expire date: May 10 04:56:04 2025 GMT * subjectAltName: host "oapi.dingtalk.com" matched cert's "*.dingtalk.com" * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G3 * SSL certificate verify ok. * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption * Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption * Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption * using HTTP/2 * [HTTP/2] [1] OPENED stream for https://oapi.dingtalk.com/ |
| 9 fredcc 2024-08-05 17:00:01 +08:00 |
| 10 fredcc 2024-08-05 17:04:46 +08:00 检测结果看人家的策略没啥问题,抓个网络包看下握手失败原因吧。 |
| 11 zealot 2024-08-05 18:11:49 +08:00 @zong400 RSA 是很老的算法了,ECC 综合指标显著优于 RSA ,了解技术的都会在 TLS 1.3 里采用 ECC 而不是 RSA |
| 12 ethsol OP @zealot 我意思是从浏览器看到证书是用 RSA 签的,但是你的 nmap 结果里面 tls1.3 ciphers 都是 TLS_AKE_WITH_XXX ,没有 TLS_RSA_WITH_XXX |
 | 13 VKLER 2024-08-05 23:05:52 +08:00 你项目中有用到 OkHttp 的库嘛?看看是不是版本冲突了,低版本可能不支持 TLSv1.3 |
Select Language