{"id":1067,"date":"2024-07-06T13:27:07","date_gmt":"2024-07-06T05:27:07","guid":{"rendered":"https:\/\/blog.nonot.cn\/?p=1067"},"modified":"2024-07-08T15:29:33","modified_gmt":"2024-07-08T07:29:33","slug":"%e6%a3%80%e6%9f%a5%e7%bd%91%e7%ab%99%e7%9a%84tls%e7%89%88%e6%9c%ac","status":"publish","type":"post","link":"https:\/\/blog.nonot.cn\/index.php\/2024\/07\/06\/%e6%a3%80%e6%9f%a5%e7%bd%91%e7%ab%99%e7%9a%84tls%e7%89%88%e6%9c%ac\/","title":{"rendered":"\u68c0\u67e5\u7f51\u7ad9\u7684TLS\u7248\u672c"},"content":{"rendered":"<p>\u6709\u65f6\u5019\u9700\u8981\u77e5\u9053\u67d0\u4e2a\u7f51\u7ad9\u652f\u6301\u7684<code>TLS<\/code>\u7684\u7248\u672c\u3002\u73b0\u5728<code>SSL 2.0<\/code>\u548c<code>SSL 3.0<\/code>\u90fd\u5df2\u7ecf\u88ab\u6dd8\u6c70\u4e86\u3002\u5176\u4e2d<code>TLS 1.0<\/code>\uff0c<code>TLS 1.1<\/code>\uff0c<code>TLS 1.2<\/code>\u662f\u76ee\u524d\u7684\u4e3b\u6d41\uff0c\u76f8\u5bf9\u4e5f\u662f\u5b89\u5168\u7684\u3002\u4e3b\u8981\u770b\u52a0\u5bc6\u7684\u7b97\u6cd5\u3002\u9700\u8981\u6ce8\u610f\uff0c<code>TLS 1.0<\/code>\u548c<code>TLS 1.1<\/code>\u5df2\u88ab RFC 8996 \u6b63\u5f0f\u5f03\u7528\uff0c\u5efa\u8bae\u53ea\u542f\u7528<code>TLS 1.2<\/code>\u53ca\u4ee5\u4e0a\u7248\u672c\u3002<code>TLS 1.3<\/code>\u662f\u76ee\u524d\u6700\u65b0\u7684\u534f\u8bae\u7248\u672c\uff0c\u4e5f\u662f\u76f8\u5bf9\u6700\u5b89\u5168\u7684\u7248\u672c\u4e86\u3002<\/p>\n<h2 id=\"\u901a\u8fc7\u7f51\u9875\u67e5\u770b\">\u901a\u8fc7\u7f51\u9875\u67e5\u770b<\/h2>\n<ul>\n<li><a href=\"https:\/\/myssl.com\/\" target=\"_blank\" rel=\"noopener\">SSL\/TLS\u5b89\u5168\u8bc4\u4f30\u62a5\u544a<\/a><\/li>\n<li><a href=\"https:\/\/www.ssllabs.com\/ssltest\/analyze.html\" target=\"_blank\" rel=\"noopener\">SSL Server Test (Powered by Qualys SSL Labs)<\/a><\/li>\n<\/ul>\n<h2 id=\"\u901a\u8fc7\u547d\u4ee4\u884c\">\u901a\u8fc7\u547d\u4ee4\u884c<\/h2>\n<h3 id=\"openssl\">1\u3001OpenSSL<\/h3>\n<pre><code>openssl s_client -connect www.baidu.com:443 -tls1_2\r\nopenssl s_client -connect www.baidu.com:443 -tls1_1\r\nopenssl s_client -connect www.baidu.com:443 
-tls1\r\n<\/code><\/pre>\n<p>\u4ee5\u4e0a\u5206\u522b\u68c0\u67e5\u4e86<code>tls1.2<\/code>,<code>tls1.1<\/code>\u548c<code>tls1<\/code>\u3002\u5982\u679c\u63e1\u624b\u5931\u8d25\u7684\u8bdd\uff0c\u90a3\u4e48\u5c31\u662f\u4e0d\u652f\u6301\u4e86\u3002\uff08\u4e5f\u53ef\u80fd\u662f\u672c\u673a\u7684 OpenSSL \u5df2\u7981\u7528\u8be5\u7248\u672c\uff0c\u6700\u597d\u518d\u7528\u5176\u4ed6\u5de5\u5177\u786e\u8ba4\u3002\uff09<\/p>\n<h2><strong>2\u3001\u4f7f\u7528 testssl.sh<\/strong><\/h2>\n<p>\u5b98\u7f51\uff1ahttps:\/\/testssl.sh\/<br \/>\nGitHub\uff1ahttps:\/\/github.com\/drwetter\/testssl.sh<\/p>\n<h3 id=\"nmap\">3\u3001NMAP<\/h3>\n<p>\u4f9d\u8d56\u4e8e<code>nmap<\/code><\/p>\n<div class=\"highlight\">\n<pre class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"> nmap --script ssl-enum-ciphers -p <span class=\"m\">443<\/span> baidu.com \r\n<\/code><\/pre>\n<\/div>\n<p>\u7ed3\u679c\u5982\u4e0b\uff1a<\/p>\n<div class=\"highlight\">\n<pre class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\">Starting Nmap 7.91 <span class=\"o\">(<\/span> https:\/\/nmap.org <span class=\"o\">)<\/span> at 2020-11-29 09:51 CST\r\nNmap scan report <span class=\"k\">for<\/span> baidu.com <span class=\"o\">(<\/span>39.156.69.79<span class=\"o\">)<\/span>\r\nHost is up <span class=\"o\">(<\/span>0.0068s latency<span class=\"o\">)<\/span>.\r\nOther addresses <span class=\"k\">for<\/span> baidu.com <span class=\"o\">(<\/span>not scanned<span class=\"o\">)<\/span>: 220.181.38.148\r\n\r\nPORT    STATE SERVICE\r\n443\/tcp open  https\r\n<span class=\"p\">|<\/span> ssl-enum-ciphers: \r\n<span class=\"p\">|<\/span>   SSLv3: \r\n<span class=\"p\">|<\/span>     ciphers: \r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_128_CBC_SHA <span 
class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>     compressors: \r\n<span class=\"p\">|<\/span>       NULL\r\n<span class=\"p\">|<\/span>     cipher preference: server\r\n<span class=\"p\">|<\/span>     warnings: \r\n<span class=\"p\">|<\/span>       Broken cipher RC4 is deprecated by RFC <span class=\"m\">7465<\/span>\r\n<span class=\"p\">|<\/span>       CBC-mode cipher in SSLv3 <span class=\"o\">(<\/span>CVE-2014-3566<span class=\"o\">)<\/span>\r\n<span class=\"p\">|<\/span>   TLSv1.0: \r\n<span class=\"p\">|<\/span>     ciphers: \r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>     compressors: \r\n<span class=\"p\">|<\/span>       NULL\r\n<span class=\"p\">|<\/span>     cipher preference: server\r\n<span class=\"p\">|<\/span>     warnings: \r\n<span class=\"p\">|<\/span>       Broken cipher RC4 is deprecated by RFC <span class=\"m\">7465<\/span>\r\n<span class=\"p\">|<\/span>   
TLSv1.1: \r\n<span class=\"p\">|<\/span>     ciphers: \r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>     compressors: \r\n<span class=\"p\">|<\/span>       NULL\r\n<span class=\"p\">|<\/span>     cipher preference: server\r\n<span class=\"p\">|<\/span>     warnings: \r\n<span class=\"p\">|<\/span>       Broken cipher RC4 is deprecated by RFC <span class=\"m\">7465<\/span>\r\n<span class=\"p\">|<\/span>   TLSv1.2: \r\n<span class=\"p\">|<\/span>     ciphers: \r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 <span class=\"o\">(<\/span>secp256r1<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_128_GCM_SHA256 <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_256_GCM_SHA384 <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_128_CBC_SHA256 <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_128_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_256_CBC_SHA256 <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_AES_256_CBC_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - A\r\n<span class=\"p\">|<\/span>       TLS_RSA_WITH_RC4_128_SHA <span class=\"o\">(<\/span>rsa 2048<span class=\"o\">)<\/span> - C\r\n<span class=\"p\">|<\/span>     compressors: \r\n<span class=\"p\">|<\/span>       NULL\r\n<span class=\"p\">|<\/span>     cipher preference: server\r\n<span class=\"p\">|<\/span>     warnings: \r\n<span class=\"p\">|<\/span>       Broken cipher RC4 is deprecated by RFC <span class=\"m\">7465<\/span>\r\n<span class=\"p\">|<\/span>_  least strength: C\r\n\r\nNmap <span class=\"k\">done<\/span>: <span class=\"m\">1<\/span> IP address <span class=\"o\">(<\/span><span class=\"m\">1<\/span> host up<span class=\"o\">)<\/span> scanned in 3.22 seconds\r\n\r\n<\/code><\/pre>\n<h2 class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"><strong>4\u3001F12\u5927\u6cd5<\/strong><\/code><\/h2>\n<pre class=\"chroma\"><code class=\"language-bash\" 
data-lang=\"bash\">\r\n\r\n\u4f7f\u7528\u6d4f\u89c8\u5668\u7684\u3010F12\u3011\uff0c\u5728\u3010\u5b89\u5168\u6027\u3011\u53ef\u4ee5\u67e5\u770b\u5230\u6b64\u9875\u9762\u4e0a\u4f7f\u7528\u7684TLS\u7248\u672c\u3002\r\n\r\n<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1075\" title=\"06010736_65983758253ee51766-1-1-1\" src=\"https:\/\/blog.nonot.cn\/wp-content\/uploads\/replace\/69ba0f258fe71a53f99d92e068c332b7.png\" alt=\"06010736_65983758253ee51766-1-1-1\" width=\"1184\" height=\"323\" \/><\/code><\/pre>\n<pre class=\"chroma\"><code class=\"language-bash\" data-lang=\"bash\"><\/code><\/pre>\n<\/div>\n<h2><strong>5\u3001\u7f51\u9875\u67e5\u8be2<\/strong><\/h2>\n<p>https:\/\/www.ssllabs.com\/ssltest\/analyze.html<\/p>\n<p>&nbsp;<\/p>\n<h2>6\u3001\u4f7f\u7528CURL\uff08windows\u4e0b\u4e0d\u53ef\u7528\uff09<\/h2>\n<p>curl --tlsv1.0 -v \"https:\/\/www.baidu.com\"<\/p>\n<p>curl --tlsv1.1 -v \"https:\/\/www.baidu.com\"<\/p>\n<p>curl --tlsv1.2 -v \"https:\/\/www.baidu.com\"<\/p>\n<p>\u6ce8\u610f\uff1a\u5728\u8f83\u65b0\u7684 curl \u4e2d\uff0c\u8fd9\u4e9b\u9009\u9879\u6307\u5b9a\u7684\u662f\u6700\u4f4e\u7248\u672c\uff0c\u8981\u53ea\u6d4b\u8bd5\u67d0\u4e00\u4e2a\u7248\u672c\u8fd8\u9700\u540c\u65f6\u52a0\u4e0a <code>--tls-max<\/code>\u3002<\/p>\n<p>-0, --http1.0<br \/>\n(HTTP)\u5f3a\u5236curl\u4f7f\u7528HTTP 1.0\u53d1\u51fa\u8bf7\u6c42\uff0c\u800c\u4e0d\u662f\u4f7f\u7528\u5176\u5185\u90e8\u9996\u9009\u7684HTTP 1.1\u3002<\/p>\n<p>-1, --tlsv1<br \/>\n(SSL)\u5f3a\u5236curl\u4f7f\u7528TLS 1.x \u7248\u672c\uff0c\u5f53\u4e0e\u8fdc\u7a0bTLS\u670d\u52a1\u8fdb\u884c\u534f\u5546\u65f6\u3002 \u53ef\u4ee5\u4f7f\u7528\u9009\u9879 --tlsv1.0\u3001--tlsv1.1\u548c --tlsv1.2\u6765\u66f4\u7cbe\u786e\u5730\u63a7\u5236TLS\u7248\u672c(\u5982\u679c\u4f7f\u7528\u7684SSL\u540e\u7aef\u652f\u6301\u8fd9\u79cd\u7ea7\u522b\u7684\u63a7\u5236)\u3002<\/p>\n<p>-2, --sslv2<br \/>\n(SSL)\u5f3a\u5236curl\u4f7f\u7528SSL 2 
\u7248\u672c\uff0c\u5f53\u4e0e\u8fdc\u7a0bTLS\u670d\u52a1\u8fdb\u884c\u534f\u5546\u65f6\u3002<\/p>\n<p>-3, --sslv3<br \/>\n(SSL)\u5f3a\u5236curl\u4f7f\u7528SSL 3 \u7248\u672c\uff0c\u5f53\u4e0e\u8fdc\u7a0bTLS\u670d\u52a1\u8fdb\u884c\u534f\u5546\u65f6\u3002<\/p>\n<p>-4, --ipv4<br \/>\n\u5982\u679ccurl\u80fd\u591f\u5c06\u4e00\u4e2a\u5730\u5740\u89e3\u6790\u4e3a\u591a\u4e2aIP\u7248\u672c(\u6bd4\u5982\u5b83\u652f\u6301ipv4\u548cipv6)\uff0c\u90a3\u4e48\u8fd9\u4e2a\u9009\u9879\u544a\u8bc9curl\u53ea\u5c06\u540d\u79f0\u89e3\u6790\u4e3aIPv4\u5730\u5740\u3002<\/p>\n<p>-6, --ipv6<br \/>\n\u5982\u679ccurl\u80fd\u591f\u5c06\u4e00\u4e2a\u5730\u5740\u89e3\u6790\u4e3a\u591a\u4e2aIP\u7248\u672c(\u6bd4\u5982\u5b83\u652f\u6301ipv4\u548cipv6)\uff0c\u90a3\u4e48\u8fd9\u4e2a\u9009\u9879\u544a\u8bc9curl\u53ea\u5c06\u540d\u79f0\u89e3\u6790\u4e3aIPv6\u5730\u5740\u3002<\/p>\n<p>&nbsp;<\/p>\n<h3 id=\"powershell\">7\u3001PowerShell<\/h3>\n<p>\u53ef\u4ee5\u7528\u5982\u4e0b\u7684\u51fd\u6570\uff0c\u6765\u6e90\uff1a<a href=\"https:\/\/www.sysadmins.lv\/blog-en\/test-web-server-ssltls-protocol-support-with-powershell.aspx\" target=\"_blank\" rel=\"noopener\">Test web server SSL\/TLS protocol support with PowerShell &#8211; PKI Extensions<\/a><\/p>\n<p>\u6ce8\u610f\uff1a\u8be5\u51fd\u6570\u7684\u8bc1\u4e66\u6821\u9a8c\u56de\u8c03\u59cb\u7ec8\u8fd4\u56de <code>$true<\/code>\uff0c\u53ea\u9002\u5408\u63a2\u6d4b\u534f\u8bae\u7248\u672c\uff0c\u4e0d\u80fd\u7528\u4e8e\u9a8c\u8bc1\u8bc1\u4e66\u3002<\/p>\n<div class=\"highlight\">\n<pre class=\"chroma\"><code class=\"language-PowerShell\" data-lang=\"PowerShell\"><span class=\"k\">function<\/span> <span class=\"nb\">Test-ServerSSLSupport<\/span> <span class=\"p\">{<\/span>\r\n<span class=\"p\">[<\/span><span class=\"k\">CmdletBinding<\/span><span class=\"p\">()]<\/span>\r\n    <span class=\"k\">param<\/span><span class=\"p\">(<\/span>\r\n        <span class=\"p\">[<\/span><span class=\"k\">Parameter<\/span><span class=\"p\">(<\/span><span class=\"k\">Mandatory<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$true<\/span><span class=\"p\">,<\/span> <span class=\"k\">ValueFromPipeline<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$true<\/span><span 
class=\"p\">)]<\/span>\r\n        <span class=\"p\">[<\/span><span class=\"n\">ValidateNotNullOrEmpty<\/span><span class=\"p\">()]<\/span>\r\n        <span class=\"no\">[string]<\/span><span class=\"nv\">$HostName<\/span><span class=\"p\">,<\/span>\r\n        <span class=\"no\">[UInt16]<\/span><span class=\"nv\">$Port<\/span> <span class=\"p\">=<\/span> <span class=\"n\">443<\/span>\r\n    <span class=\"p\">)<\/span>\r\n    <span class=\"k\">process<\/span> <span class=\"p\">{<\/span>\r\n        <span class=\"nv\">$RetValue<\/span> <span class=\"p\">=<\/span> <span class=\"nb\">New-Object<\/span> <span class=\"n\">psobject<\/span> <span class=\"n\">-Property<\/span> <span class=\"p\">@{<\/span>\r\n            <span class=\"n\">Host<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$HostName<\/span>\r\n            <span class=\"n\">Port<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$Port<\/span>\r\n            <span class=\"n\">SSLv2<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$false<\/span>\r\n            <span class=\"n\">SSLv3<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$false<\/span>\r\n            <span class=\"n\">TLSv1_0<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$false<\/span>\r\n            <span class=\"n\">TLSv1_1<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$false<\/span>\r\n            <span class=\"n\">TLSv1_2<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$false<\/span>\r\n            <span class=\"n\">KeyExhange<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$null<\/span>\r\n            <span class=\"n\">HashAlgorithm<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$null<\/span>\r\n        <span class=\"p\">}<\/span>\r\n        <span class=\"s2\">\"ssl2\"<\/span><span class=\"p\">,<\/span> <span class=\"s2\">\"ssl3\"<\/span><span class=\"p\">,<\/span> <span class=\"s2\">\"tls\"<\/span><span class=\"p\">,<\/span> <span class=\"s2\">\"tls11\"<\/span><span 
class=\"p\">,<\/span> <span class=\"s2\">\"tls12\"<\/span> <span class=\"p\">|<\/span> <span class=\"p\">%{<\/span>\r\n            <span class=\"nv\">$TcpClient<\/span> <span class=\"p\">=<\/span> <span class=\"nb\">New-Object<\/span> <span class=\"n\">Net<\/span><span class=\"p\">.<\/span><span class=\"n\">Sockets<\/span><span class=\"p\">.<\/span><span class=\"n\">TcpClient<\/span>\r\n            <span class=\"nv\">$TcpClient<\/span><span class=\"p\">.<\/span><span class=\"n\">Connect<\/span><span class=\"p\">(<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">Host<\/span><span class=\"p\">,<\/span> <span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">Port<\/span><span class=\"p\">)<\/span>\r\n            <span class=\"nv\">$SslStream<\/span> <span class=\"p\">=<\/span> <span class=\"nb\">New-Object<\/span> <span class=\"n\">Net<\/span><span class=\"p\">.<\/span><span class=\"n\">Security<\/span><span class=\"p\">.<\/span><span class=\"n\">SslStream<\/span> <span class=\"nv\">$TcpClient<\/span><span class=\"p\">.<\/span><span class=\"n\">GetStream<\/span><span class=\"p\">(),<\/span>\r\n                <span class=\"nv\">$true<\/span><span class=\"p\">,<\/span>\r\n                <span class=\"p\">(<\/span><span class=\"no\">[System.Net.Security.RemoteCertificateValidationCallback]<\/span><span class=\"p\">{<\/span> <span class=\"nv\">$true<\/span> <span class=\"p\">})<\/span>\r\n            <span class=\"nv\">$SslStream<\/span><span class=\"p\">.<\/span><span class=\"n\">ReadTimeout<\/span> <span class=\"p\">=<\/span> <span class=\"n\">15000<\/span>\r\n            <span class=\"nv\">$SslStream<\/span><span class=\"p\">.<\/span><span class=\"n\">WriteTimeout<\/span> <span class=\"p\">=<\/span> <span class=\"n\">15000<\/span>\r\n            <span class=\"k\">try<\/span> <span class=\"p\">{<\/span>\r\n                <span class=\"nv\">$SslStream<\/span><span class=\"p\">.<\/span><span 
class=\"n\">AuthenticateAsClient<\/span><span class=\"p\">(<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">Host<\/span><span class=\"p\">,<\/span><span class=\"nv\">$null<\/span><span class=\"p\">,<\/span><span class=\"nv\">$_<\/span><span class=\"p\">,<\/span><span class=\"nv\">$false<\/span><span class=\"p\">)<\/span>\r\n                <span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">KeyExhange<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$SslStream<\/span><span class=\"p\">.<\/span><span class=\"n\">KeyExchangeAlgorithm<\/span>\r\n                <span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">HashAlgorithm<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$SslStream<\/span><span class=\"p\">.<\/span><span class=\"n\">HashAlgorithm<\/span>\r\n                <span class=\"nv\">$status<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$true<\/span>\r\n            <span class=\"p\">}<\/span> <span class=\"k\">catch<\/span> <span class=\"p\">{<\/span>\r\n                <span class=\"nv\">$status<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$false<\/span>\r\n            <span class=\"p\">}<\/span>\r\n            <span class=\"k\">switch<\/span> <span class=\"p\">(<\/span><span class=\"nv\">$_<\/span><span class=\"p\">)<\/span> <span class=\"p\">{<\/span>\r\n                <span class=\"s2\">\"ssl2\"<\/span> <span class=\"p\">{<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">SSLv2<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$status<\/span><span class=\"p\">}<\/span>\r\n                <span class=\"s2\">\"ssl3\"<\/span> <span class=\"p\">{<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">SSLv3<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$status<\/span><span class=\"p\">}<\/span>\r\n                <span class=\"s2\">\"tls\"<\/span> 
<span class=\"p\">{<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">TLSv1_0<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$status<\/span><span class=\"p\">}<\/span>\r\n                <span class=\"s2\">\"tls11\"<\/span> <span class=\"p\">{<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">TLSv1_1<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$status<\/span><span class=\"p\">}<\/span>\r\n                <span class=\"s2\">\"tls12\"<\/span> <span class=\"p\">{<\/span><span class=\"nv\">$RetValue<\/span><span class=\"p\">.<\/span><span class=\"n\">TLSv1_2<\/span> <span class=\"p\">=<\/span> <span class=\"nv\">$status<\/span><span class=\"p\">}<\/span>\r\n            <span class=\"p\">}<\/span>\r\n            <span class=\"c\"># dispose objects to prevent memory leaks<\/span>\r\n            <span class=\"nv\">$TcpClient<\/span><span class=\"p\">.<\/span><span class=\"n\">Dispose<\/span><span class=\"p\">()<\/span>\r\n            <span class=\"nv\">$SslStream<\/span><span class=\"p\">.<\/span><span class=\"n\">Dispose<\/span><span class=\"p\">()<\/span>\r\n        <span class=\"p\">}<\/span>\r\n        <span class=\"nv\">$RetValue<\/span>\r\n    <span class=\"p\">}<\/span>\r\n<span class=\"p\">}<\/span><\/code><\/pre>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\u6709\u65f6\u5019\u9700\u8981\u77e5\u9053\u67d0\u4e2a\u7f51\u7ad9\u652f\u6301\u7684TLS\u7684\u7248\u672c\u3002\u73b0\u5728SSL 
2.0&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-1067","post","type-post","status-publish","format-standard","hentry","category-webanquan"],"_links":{"self":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts\/1067","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1067"}],"version-history":[{"count":3,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts\/1067\/revisions"}],"predecessor-version":[{"id":1077,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/posts\/1067\/revisions\/1077"}],"wp:attachment":[{"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1067"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1067"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.nonot.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1067"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}