5

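Is it possible to establish a TLS connection over TLS using OpenSSL or another tool?

If it is possible, does the certificate need to be different at each level?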

4

3 Answers

7

This should work just fine in theory, though I cannot say for sure whether OpenSSL or something would support it easily. You can technically use the same certificate for multiple TLS connections, even if one is nested inside another.

However, I want to point out that one common reason to nest TLS connections might be to tunnel data over a multi-layered encrypted connection, making some subset of the data available at each stop in the tunnel (i.e. peeling back a layer of the encryption). Using the same certificate doesn't really support that use case. Perhaps you've got another use case in mind.

Furthermore, it is cryptographically sound to encrypt encrypted data. That is, more encryption cannot make data less secure. Lastly, encrypting encrypted data alone will not make it more secure. That is, AES(AES(x,key1),key2) where key1 != key2 is not more (or less) secure than AES(x, key1). Just in case that was your motivation.

Answered 2012-08-30T19:33:20.047
4

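TLS doesn't care what data you send and receive, so it could well be another TLS session (though I don't know why you would want to do that).

Since this is another, independent session, there is no reason you couldn't use the same certificate.

Answered 2012-08-30T19:18:00.923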
0

The TLS RFC has already confirmed this case, and the answer is yes; please refer to https://www.rfc-editor.org/rfc/rfc5246. I can't find which section mentions this, but I remember reading it.

Answered 2014-08-20T05:38:33.487
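The nesting the answers describe, as an added example (not code from any of the posters): an inner TLS session is run through Python's `ssl.MemoryBIO` so that its records travel as application data of an outer TLS session, and the client verifies a different certificate at each layer. The hostnames `outer.test` and `inner.test`, the helper names and the throwaway self-signed certificates are constructed for the demo, and it assumes the `openssl` CLI (1.1.1 or later) is on `PATH`.

```python
import os, socket, ssl, subprocess, tempfile, threading

def contexts(directory, name):
    """Server and client contexts for a fresh self-signed cert (constructed test data)."""
    key, crt = (os.path.join(directory, name + ext) for ext in (".key", ".crt"))
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-keyout", key,
                    "-out", crt, "-subj", "/CN=" + name, "-addext", "subjectAltName=DNS:" + name],
                   check=True, capture_output=True)  # assumes the openssl CLI is installed
    server, client = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER), ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    server.load_cert_chain(crt, key)
    client.load_verify_locations(crt)  # client verifies chain and hostname against this cert only
    return server, client

def drive(op, incoming, outgoing, transport, *args):
    """Run one inner-TLS operation, moving its records through the outer session."""
    while True:
        try:
            result, blocked = op(*args), False
        except ssl.SSLWantReadError:      # inner TLS needs more bytes from the peer
            result, blocked = None, True
        if outgoing.pending:              # inner records become outer application data
            transport.sendall(outgoing.read())
        if not blocked:
            return result
        data = transport.recv(16384)
        incoming.write(data) if data else incoming.write_eof()  # EOF makes the next op raise

def inner_layer(ctx, transport, **kw):  # second TLS session carried inside `transport`
    bios = ssl.MemoryBIO(), ssl.MemoryBIO()  # (incoming, outgoing)
    tls = ctx.wrap_bio(*bios, **kw)
    drive(tls.do_handshake, *bios, transport)
    return tls, bios

def serve(listener, outer_ctx, inner_ctx):
    with outer_ctx.wrap_socket(listener.accept()[0], server_side=True) as outer:
        tls, bios = inner_layer(inner_ctx, outer, server_side=True)
        drive(tls.write, *bios, outer, b"echo:" + drive(tls.read, *bios, outer, 1024))

def demo():
    with tempfile.TemporaryDirectory() as d:  # a different certificate for each layer
        (s_out, c_out), (s_in, c_in) = contexts(d, "outer.test"), contexts(d, "inner.test")
    listener = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=serve, args=(listener, s_out, s_in), daemon=True).start()
    raw = socket.create_connection(listener.getsockname(), timeout=10)
    with c_out.wrap_socket(raw, server_hostname="outer.test") as outer:
        tls, bios = inner_layer(c_in, outer, server_hostname="inner.test")
        drive(tls.write, *bios, outer, b"hello")
        reply = drive(tls.read, *bios, outer, 1024)
        return reply, outer.getpeercert()["subjectAltName"], tls.getpeercert()["subjectAltName"]
```

Calling `demo()` runs the exchange on loopback and returns the inner reply together with the certificate name the client verified at each layer.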