Low level TLS handshake?

huangapple go评论147阅读模式
英文:

Low level TLS handshake?

问题

我想拦截ALPN选择,并选择我想要的而不是客户端和服务器之间的第一个公共选择。

代码:

// 我们有一些用于TLS/SSL的ALPN协议和证书
tlsConfig := &tls.Config {
    Certificates: serverCertificates,
    NextProtos  : serverALPN,
}
// 一个简单的TCP服务器
server, err := net.Listen("tcp", serverHost+":"+serverPort) 
...
for {
    // 我们接受一个连接
    conn, err := ln.Accept()
    ...
    // 将其包装在TLS中
    tlsConn := tls.Server(conn, &tlsConfig)
    // 并将其传递给处理程序
    go handleConnection(tlsConn)
}

到目前为止,我们还没有进行任何TLS握手,所以连接是空闲的。在func handleConnection(conn *tls.Conn)中,我们将err := conn.Handshake()用于自动执行握手,但如何手动执行呢?我在tls模块文档中似乎没有找到相关信息。我想做这样的事情:

// 我们与客户端通信,直到他告诉我们他们支持的所有ALPN
state := conn.HandshakeUntilALPN()
// 我们得到了列表,现在我们使用某种算法选择ALPN
ALPN := myALPNAlgorithm(state.listOfALPNsFromClient)
// 然后我们告诉客户端我们选择的算法
conn.SendALPN(ALPN)
// 然后我们继续握手
conn.ContinueHandshake()
...

当然,这只是一个愚蠢的伪伪代码,但希望你能理解我的意思 Low level TLS handshake?

理想情况下,我想知道ServerClient都可以实现这个功能吗?

英文:

I'd like to intercept ALPN selection and select the one I want instead of the first common one between the client and the server.

Code:

// we have some ALPN protocols and certificates for TLS/SSL
tlsConfig := &tls.Config {
    Certificates: serverCertificates,
    NextProtos  : serverALPN,
}
// a simple TCP server
server, err := net.Listen("tcp", serverHost+":"+serverPort) 
...
for {
    // we accept a connection
    conn, err := ln.Accept()
    ...
    // wrap it in TLS
    tlsConn := tls.Server(conn, &tlsConfig)
    // and pass it to the handler
    go handleConnection(tlsConn)
}

So far we didn't do any TLS handshaking, so the connection is idle, pure. In func handleConnection(conn *tls.Conn) we would err := conn.Handshake() to perform the handshaking automatically for us, but how to do it manually? I didn't seem to find any info on that in tls module documentation. I'd like to do something like this:

// we communicate with client until he's told us all the ALPNs they support
state := conn.HandshakeUntilALPN()
// we got the list, now we use some algorithm to choose the ALPN
ALPN := myALPNAlgorithm(state.listOfALPNsFromClient)
// after that we tell the client which algo we've chosen
conn.SendALPN(ALPN)
// and we continue the handshake
conn.ContinueHandshake()
...

Of course it's silly pseudo-pseudo code, but hopefully you get the idea Low level TLS handshake?

Ideally, I'd like to know that for both the Server and the Client, if it's possible at all.

答案1

得分: 1

答案在加密库中:
https://pkg.go.dev/crypto/tls

这些论文可能会有用:

https://developpaper.com/the-principle-of-https-and-golang-specifies-the-https-cipher-suite/

https://eli.thegreenplace.net/2021/go-https-servers-with-tls/

你需要构建自己的服务器和客户端。TLSlistenandserve是一个抽象层,你需要构建自己的listenandserve。

英文:

the answer is in the crypto library:
https://pkg.go.dev/crypto/tls

these papers might be useful:

https://developpaper.com/the-principle-of-https-and-golang-specifies-the-https-cipher-suite/

and

https://eli.thegreenplace.net/2021/go-https-servers-with-tls/

You will need to build your own server and client. TLSlistenandserve is an abstraction. you will have to build your own listenandserve.

huangapple
  • 本文由 发表于 2022年3月6日 06:49:03
  • 转载请务必保留本文链接:https://go.coder-hub.com/71366504.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定