英文:
Low level TLS handshake?
问题
我想拦截ALPN
选择,并选择我想要的而不是客户端和服务器之间的第一个公共选择。
代码:
// 我们有一些用于TLS/SSL的ALPN协议和证书
tlsConfig := &tls.Config {
Certificates: serverCertificates,
NextProtos : serverALPN,
}
// 一个简单的TCP服务器
server, err := net.Listen("tcp", serverHost+":"+serverPort)
...
for {
// 我们接受一个连接
conn, err := ln.Accept()
...
// 将其包装在TLS中
tlsConn := tls.Server(conn, &tlsConfig)
// 并将其传递给处理程序
go handleConnection(tlsConn)
}
到目前为止,我们还没有进行任何TLS握手,所以连接是空闲的。在func handleConnection(conn *tls.Conn)
中,我们将err := conn.Handshake()
用于自动执行握手,但如何手动执行呢?我在tls
模块文档中似乎没有找到相关信息。我想做这样的事情:
// 我们与客户端通信,直到他告诉我们他们支持的所有ALPN
state := conn.HandshakeUntilALPN()
// 我们得到了列表,现在我们使用某种算法选择ALPN
ALPN := myALPNAlgorithm(state.listOfALPNsFromClient)
// 然后我们告诉客户端我们选择的算法
conn.SendALPN(ALPN)
// 然后我们继续握手
conn.ContinueHandshake()
...
当然,这只是一个愚蠢的伪伪代码,但希望你能理解我的意思
理想情况下,我想知道Server
和Client
都可以实现这个功能吗?
英文:
I'd like to intercept ALPN
selection and select the one I want instead of the first common one between the client and the server.
Code:
// we have some ALPN protocols and certificates for TLS/SSL
tlsConfig := &tls.Config {
Certificates: serverCertificates,
NextProtos : serverALPN,
}
// a simple TCP server
server, err := net.Listen("tcp", serverHost+":"+serverPort)
...
for {
// we accept a connection
conn, err := ln.Accept()
...
// wrap it in TLS
tlsConn := tls.Server(conn, &tlsConfig)
// and pass it to the handler
go handleConnection(tlsConn)
}
So far we didn't do any TLS handshaking, so the connection is idle, pure. In func handleConnection(conn *tls.Conn)
we would err := conn.Handshake()
to perform the handshaking automatically for us, but how to do it manually? I didn't seem to find any info on that in tls
module documentation. I'd like to do something like this:
// we communicate with client until he's told us all the ALPNs they support
state := conn.HandshakeUntilALPN()
// we got the list, now we use some algorithm to choose the ALPN
ALPN := myALPNAlgorithm(state.listOfALPNsFromClient)
// after that we tell the client which algo we've chosen
conn.SendALPN(ALPN)
// and we continue the handshake
conn.ContinueHandshake()
...
Of course it's silly pseudo-pseudo code, but hopefully you get the idea
Ideally, I'd like to know that for both the Server
and the Client
, if it's possible at all.
答案1
得分: 1
答案在加密库中:
https://pkg.go.dev/crypto/tls
这些论文可能会有用:
https://developpaper.com/the-principle-of-https-and-golang-specifies-the-https-cipher-suite/
和
https://eli.thegreenplace.net/2021/go-https-servers-with-tls/
你需要构建自己的服务器和客户端。TLSlistenandserve是一个抽象层,你需要构建自己的listenandserve。
英文:
the answer is in the crypto library:
https://pkg.go.dev/crypto/tls
these papers might be useful:
https://developpaper.com/the-principle-of-https-and-golang-specifies-the-https-cipher-suite/
and
https://eli.thegreenplace.net/2021/go-https-servers-with-tls/
You will need to build your own server and client. TLSlistenandserve is an abstraction. you will have to build your own listenandserve.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论