OpenSSL – 加载传统密码失败

huangapple go评论76阅读模式
英文:

OpenSSL - Loading legacy ciphers failed

问题

我正在Windows上使用OpenSSL,尝试简单地评估远程服务器是否启用了旧的密码(RC4)。

我的当前OpenSSL版本是v3.0.8。实际上,我已经在这里找到了一些帮助:https://stackoverflow.com/questions/74545780/how-to-enable-the-openssl-3-0-legacy-provider-github-actions,但在我的情况下这还不够。

请注意,我没有编译任何东西,只是尝试使用常规安装的Win64-OpenSSL与传统提供程序。

我已经修改了我的OpenSSL配置文件以添加和激活传统提供程序。
我还配置了OPENSSL_MODULES环境变量以找到传统的dll(在其默认的安装后位置,位于C:\Program Files\OpenSSL-Win64\bin下)。

由于这样,我实际上可以运行这个:

>openssl list -providers -provider legacy

Providers:
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.8
    status: active

但是当我运行以下命令时似乎是一个“空盒子”:

>openssl ciphers -provider legacy -v

6C1F0000:error:0A0000A1:SSL routines:SSL_CTX_new_ex:library has no ciphers:ssl\ssl_lib.c:3290:

当我尝试连接到我的远程服务器时,我得到相同的错误。

有人能提供帮助吗? OpenSSL – 加载传统密码失败

英文:

I am using OpenSSL on Windows, and trying to simply assess if a remote server has old ciphers (RC4) enabled.

My current OpenSSL version is v3.0.8. I actually already found some help here https://stackoverflow.com/questions/74545780/how-to-enable-the-openssl-3-0-legacy-provider-github-actions but it is not enough in my case.
Note that I am not compiling anything, just trying to use the regular installed Win64-OpenSSL with legacy provider.

I've already modified my OpenSSL configuration file to add and activate the legacy provider.
I've also configured the OPENSSL_MODULES environment variable to find the legacy dll (in its default post-install location, under C:\Program Files\OpenSSL-Win64\bin).

Thanks to that, I can actually run this :

>openssl list -providers -provider legacy

Providers:
  legacy
    name: OpenSSL Legacy Provider
    version: 3.0.8
    status: active

But it seems to be an "empty box" when I run :

>openssl ciphers -provider legacy -v

6C1F0000:error:0A0000A1:SSL routines:SSL_CTX_new_ex:library has no ciphers:ssl\ssl_lib.c:3290:

And I get the same error when trying to connect to my remote server.

Would anyone have some help ? OpenSSL – 加载传统密码失败

答案1

得分: 2

对于遇到相同问题的人:我实际上不得不构建自己的OpenSSL版本,在构建过程中只需添加一个“enable-weak-ssl-ciphers”标志。

逐步操作如下:

  • 从OpenSSL官网下载OpenSSL源代码。
  • 下载并安装Visual Studio(安装时,只选择Desktop Development with C++包,无需其他包)。
  • 下载并安装Windows版Srawberry Perl + NASM。
  • 将NASM文件夹添加到你的Path环境变量中(然后在命令提示符中运行“nasm -v”来检查它是否有效)。
  • 用任何文本编辑器打开从解压缩的OpenSSL源代码文件夹中提取的“openssl.cnf”文件,并添加以下行:
    OpenSSL – 加载传统密码失败
  • 以管理员身份运行Windows菜单中的“x64 Native Tools Command Prompt” > Visual Studio文件夹。
  • 使用cd命令,进入OpenSSL源代码文件夹。
  • 运行perl configure VC-WIN64 enable-weak-ssl-ciphers --prefix="C:\Program Files\OpenSSL-Win64"(最后的路径是OpenSSL最终安装的位置,可以是任何路径)。
  • 然后运行nmake:这可能需要一些时间(我估计15-30分钟)。
  • 然后运行nmake install

就这样 OpenSSL – 加载传统密码失败

我在OpenSSL GitHub页面上直接找到了答案:https://github.com/openssl/openssl/issues/20526

为了构建我的OpenSSL,我按照这个出色的逐步指南进行操作:https://developers.refinitiv.com/en/article-catalog/article/how-to-build-openssl--zlib--and-curl-libraries-on-windows

英文:

For people having the same issue : I actually had to build my own OpenSSL version, adding just a flag to "enable-weak-ssl-ciphers" during the build.
The step-by-step would be like :

  • Download OpenSSL sources from their website
  • Download & install Visual Studio (when installing, select only the Desktop Development with C++ package, no other package is needed)
  • Download & install Srawberry Perl + NASM for Windows
  • Add the NASM folder to your Path environment variable (then check that it works by running "nasm -v" in a cmd prompt)
  • With any text editor, open the "openssl.cnf" file from the extracted OpenSSL sources folder and add the following lines :
    OpenSSL – 加载传统密码失败
  • Launch as admin the "x64 Native Tools Command Prompt" from Windows menu > Visual Studio folder
  • With cd, get to the OpenSSL sources folder
  • Run perl configure VC-WIN64 enable-weak-ssl-ciphers --prefix="C:\Program Files\OpenSSL-Win64 (the last path is where OpenSSL will be later installed, can be anything)
  • Then run nmake : this can take a while (15-30min I'd say)
  • Then run nmake install

And you're done OpenSSL – 加载传统密码失败

I got my answer directly on the OpenSSL GitHub page : https://github.com/openssl/openssl/issues/20526

And to build my own OpenSSL I followed this excellent step-by-step guide : https://developers.refinitiv.com/en/article-catalog/article/how-to-build-openssl--zlib--and-curl-libraries-on-windows

huangapple
  • 本文由 发表于 2023年3月9日 23:57:36
  • 转载请务必保留本文链接:https://go.coder-hub.com/75687076.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定