希望有人可以帮助我解决这个问题。简单TIdHTTPServer的 OpenSSL 支持,用于使用基于 ECDH 的密钥解码来自客户端的 TLS 流量。
使用以下命令创建的服务器密钥:
openssl ecparam -name secp256k1 -genkey -noout -out key.pem
服务器调试日志:
23:33:14.878 SSL status: "before/accept initialization"
23:33:14.886 SSL status: "SSLv3 read client hello C"
23:33:14.886 SSL status: "error"
23:33:14.887 Connection from: 192.168.12.1:23727 Closed
23:33:14.887 EXCEPTION: Error accepting connection with SSL.
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
从这个问题来看,我似乎需要打电话SSL_CTX_set_ecdh_auto(ctx,1)
SSL 服务器初始化:
ServerIOHandler = new TIdServerIOHandlerSSLOpenSSL();
ServerIOHandler->SSLOptions->CertFile = CertPath;
ServerIOHandler->SSLOptions->KeyFile = KeyPath;
ServerIOHandler->SSLOptions->RootCertFile = RootCertPath;
ServerIOHandler->SSLOptions->Method = sslvTLSv1_2;
ServerIOHandler->SSLOptions->Mode = sslmServer;
//ServerIOHandler->SSLOptions->CipherList = "";
ServerIOHandler->SSLOptions->VerifyDepth = 1;
ServerIOHandler->OnGetPassword = OnGetServerPassword;
ServerIOHandler->OnStatusInfo = SSL_Status;
TLSServer->Bindings->Add();
TLSServer->Bindings->Items[0]->IP = TLSServerInfo.AdapterIP;
TLSServer->Bindings->Items[0]->Port = TLSServerInfo.LocalPort;
TLSServer->DefaultPort = TLSServerInfo.LocalPort;
TLSServer->IOHandler = ServerIOHandler;
try {
PanelServer->Active = true;
}
catch (Exception &Ex) {
Msg = String(L"SSL Server Bound Exception: ") + Ex.Message;
}
我已按照这些说明添加SSL_CTX_set_ecdh_auto()到我的IdSSLOpenSSLHeaders.pas文件中,但如果我尝试SSL_CTX_set_ecdh_auto()从我的代码中添加要调用的条目,我会收到“调用未定义函数‘SSL_CTX_set_ecdh_auto’”错误。
我正在运行 Indy 10.6.2。
