是否有公共PSK服务器来测试TLS握手?
[英]Is there a public psk server to test tls handshake?
问题描述
What I want is test tls handshake when psk is active. 
我想要的是在psk处于活动状态时测试tls握手。 I also want to see every http header exchanged during the connection between client (my laptop) and public server. 我还希望看到客户端(我的笔记本电脑)与公共服务器之间的连接期间交换的所有http标头。 Now I am wondering if there is a public psk tls server where I can do my test. 现在,我想知道是否存在可以进行测试的公共psk tls服务器。
Regards. 问候。
2 个解决方案
解决方案1
4 已采纳 2016-11-20 15:32:47
I doubt that there is a web server using PSK on the internet open for public testing. 我怀疑互联网上是否有使用PSK的Web服务器开放供公众测试。 Also I doubt that browsers support PSK cipher suites. 我也怀疑浏览器是否支持PSK密码套件。 But you can setup your own web server using PSK with openssl: 但是您可以使用带有openssl的PSK来设置自己的Web服务器:
openssl s_server -psk 1a2b3c4d -nocert -www
And the matching client: 和匹配的客户端:
openssl s_client -connect 127.0.0.1:4433 -psk 1a2b3c4d
As for the HTTP protocol: it is independent from the TLS layer, ie it does not change if PSK or the normal authentication with certificates is used. 对于HTTP协议:它独立于TLS层,即,如果使用PSK或带有证书的常规身份验证,则它不会更改。
解决方案2
0 2016-11-21 09:38:09
Even if some public TLS Server were to support PSK, you won't be able to test your client with it. 即使某些公共TLS服务器支持PSK,您也无法使用它来测试客户端。 There is a fundamental difference between the way public key authentication (which is used by most of the TLS Servers) work and PSK. 公钥认证(大多数TLS服务器使用的)和PSK的工作方式之间存在根本区别。
Public Key Authentication: Incase of Public Key Server Authentication (the ones that doesn't involve Client Authentication), the server sends a Certificate, which contains a Public Key and Client encrypts it's pre-master secret and sends it to server which only the server can decrypt. 公钥身份验证:如果使用公钥服务器身份验证(不涉及客户端身份验证),则服务器会发送一个证书,其中包含一个公钥,并且客户端会加密其主密码,然后将其发送给只有该服务器的服务器可以解密。 In this way both have the same pre-master secret and can use the same set of derivations to further derive the final key. 这样,两者都具有相同的预掌握密钥,并且可以使用相同的派生集来进一步派生最终密钥。
Pre-Shared key: As the name indicates the pre-shared requires both parties to have the same key pre-shared among themselves. 预共享密钥:顾名思义,预共享要求双方之间具有相同的预共享密钥。 They just exchange the IDs between them to indicate which of the Pre-Shared they will be using to generate the final key. 他们只是在它们之间交换ID,以指示将使用哪个预共享来生成最终密钥。
So, even if there is a server which supports PSK, you should have the same set of (or atleast one) of the keys which it has, which is impossible as those servers won't share their keys with anyone apart from whom it is supposed to be shared with (the legit clients). 因此,即使有一台支持PSK的服务器,您也应该拥有与之相同的一组(或至少一个)密钥,这是不可能的,因为这些服务器不会与任何人共享其密钥。应该与(合法客户)共享。
So, the best way for you is to use openssl's test client and server tools and test it. 因此,最适合您的方法是使用openssl的测试客户端和服务器工具并对其进行测试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.