问题描述
希望有人能帮我解决这个问题。带有 OpenSSL 支持的简单 TIdHTTPServer,用于使用基于 ECDH 的密钥解码来自客户端的 TLS 流量。
使用以下命令创建的服务器密钥:
openssl ecparam -name secp256k1 -genkey -noout -out key.pem
服务器调试日志:
23:33:14.878 SSL status: "before/accept initialization"
23:33:14.886 SSL status: "SSLv3 read client hello C"
23:33:14.886 SSL status: "error"
23:33:14.887 Connection from: 192.168.12.1:23727 Closed
23:33:14.887 EXCEPTION: Error accepting connection with SSL.
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
从this question,我好像需要打电话给SSL_CTX_set_ecdh_auto(ctx,1)
SSL 服务器初始化:
ServerIOHandler = new TIdServerIOHandleRSSLOpenSSL();
ServerIOHandler->SSLOptions->CertFile = CertPath;
ServerIOHandler->SSLOptions->KeyFile = KeyPath;
ServerIOHandler->SSLOptions->RootCertFile = RootCertPath;
ServerIOHandler->SSLOptions->Method = sslvTLSv1_2;
ServerIOHandler->SSLOptions->Mode = sslmServer;
//ServerIOHandler->SSLOptions->CipherList = "";
ServerIOHandler->SSLOptions->VerifyDepth = 1;
ServerIOHandler->Ongetpassword = OnGetServerPassword;
ServerIOHandler->OnStatusInfo = SSL_Status;
TLSServer->Bindings->Add();
TLSServer->Bindings->Items[0]->IP = TLSServerInfo.AdapterIP;
TLSServer->Bindings->Items[0]->Port = TLSServerInfo.LocalPort;
TLSServer->DefaultPort = TLSServerInfo.LocalPort;
TLSServer->IOHandler = ServerIOHandler;
try {
PanelServer->Active = true;
}
catch (Exception &Ex) {
Msg = String(L"SSL Server Bound Exception: ") + Ex.Message;
}
我已经按照 these instructions 将 SSL_CTX_set_ecdh_auto() 添加到我的 IdSSLOpenSSLHeaders.pas 文件中,但是如果我尝试添加一个条目以从我的代码中调用 SSL_CTX_set_ecdh_auto(),我会得到一个“调用未定义的函数 'SSL_CTX_set_ecdh_auto'" 错误。
我正在运行 Indy 10.6.2。
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)