V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
zong400
V2EX  ›  程序员

吐槽一下钉钉域名竟然不支持 tls1.3

  •  
  •   zong400 · 112 天前 · 1897 次点击
    这是一个创建于 112 天前的主题,其中的信息可能已经有所发展或是发生改变。

    用他的 java sdk 总是 ssl 握手失败,查了一个下午发现是不支持 tls1.3 ,jdk1.8 在比较新的版本都是默认 tls1.3 的,版本对不上握手失败。

    Starting Nmap 7.60 ( https://nmap.org ) at 2024-08-05 10:46 CST
    Nmap scan report for oapi.dingtalk.com (106.11.40.32)
    Host is up (0.014s latency).
    Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:50::b 2401:b180:2000:80::d 2401:b180:2000:70::e 2401:b180:2000:60::f
    
    PORT    STATE SERVICE
    443/tcp open  https
    | ssl-enum-ciphers: 
    |   TLSv1.0: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |   TLSv1.1: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |   TLSv1.2: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |_  least strength: A
    
    Nmap done: 1 IP address (1 host up) scanned in 6.92 seconds
    
    第 1 条附言  ·  112 天前

    更正:钉钉支持tls1.3,楼下有大佬帖了正确结果

    之前判断有误因为是看了java debug的log,判断tls版本不匹配握手失败,加了参数-Djdk.tls.client.protocols=TLSv1.2 启动才能成功,接着又用了旧版nmap不支持tls1.3的去测试

    javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520
    
    javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2
    
    第 2 条附言  ·  112 天前
    程序为什么用 tls1.3 握手失败这个没研究清楚
    13 条回复    2024-08-05 23:05:52 +08:00
    zengxs
        1
    zengxs  
       112 天前
    TLS 版本都是自动协商的,不支持 1.3 会自动回退到 1.2 ,看看是不是环境的问题
    e3c78a97e0f8
        2
    e3c78a97e0f8  
       112 天前
    国内不支持 TLS1.3 的网站多了去了
    fredcc
        3
    fredcc  
       112 天前   ❤️ 1
    支持 tls 1.3 啊
    zong400
        4
    zong400  
    OP
       112 天前
    @zengxs 没有回退,环境是指 jdk 吗? jdk8u372 容器
    zong400
        5
    zong400  
    OP
       112 天前
    @fredcc 你是用什么测试的?我用命令 nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
    zealot
        6
    zealot  
       112 天前   ❤️ 2
    钉钉的域名支持 TLS1.3 ;
    你的检测结果中没有显示 TLS 1.3 的原因是你用的 nmap 版本比较旧( 7.6 版本的 nmap 发布时候还没有 TLS 1.3 协议),换个最新版本 nmap 就可以。

    你用的这个 nmap 版本号是 7.60 ,发布日期是 2017-07-31 详见: https://svn.nmap.org/nmap-releases/nmap-7.60/CHANGELOG

    TLS 1.3 协议是 2018 年 8 月发布的,详见 IETF 文档: https://datatracker.ietf.org/doc/html/rfc8446

    nmap 在 2021 年 12 月才支持了 TLS 1.3 ,详见代码提交记录: https://github.com/mzet-/Nmap-for-Pen-Testers/commit/f55c200783af64f2ecb286244056e83098d74e97

    最新的 nmap 7.95 版本检测钉钉域名是支持 TLS 1.3 的:
    ```
    $ nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
    Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-05 14:08 CST
    Nmap scan report for oapi.dingtalk.com (106.11.35.100)
    Host is up (0.047s latency).
    Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:80::d 2401:b180:2000:50::b 2401:b180:2000:60::f 2401:b180:2000:70::e

    PORT STATE SERVICE
    443/tcp open https
    | ssl-enum-ciphers:
    | TLSv1.0:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
    | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    | compressors:
    | NULL
    | cipher preference: server
    | TLSv1.1:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
    | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    | compressors:
    | NULL
    | cipher preference: server
    | TLSv1.2:
    | ciphers:
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A
    | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
    | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    | compressors:
    | NULL
    | cipher preference: server
    | TLSv1.3:
    | ciphers:
    | TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
    | TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
    | TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
    | TLS_AKE_WITH_SM4_CCM_SM3 (ecdh_x25519) - A
    | TLS_AKE_WITH_SM4_GCM_SM3 (ecdh_x25519) - A
    | cipher preference: server
    |_ least strength: A

    Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds
    ```

    SSL Labs 检测结果也同样显示支持 TLS 1.3: https://www.ssllabs.com/ssltest/analyze.html?d=oapi.dingtalk.com
    p.s. 这个域名还在支持 TLS 1.0 和 TLS 1.1 的原因是还有很多企业不支持更高版本的 TLS 。不过安全团队针对低版本的 TLS 的加密套件做了定制,剔除一些低版本中有重大风险的加密套件。

    ![]( )
    zong400
        7
    zong400  
    OP
       112 天前
    @zealot 疏忽了,原来 nmap 旧版的原因
    不过从 java debug 看的确是 tls 版本不对所以握手失败,也没有回退到 1.2
    ```
    javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520

    javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2
    ```

    另外从你的结果看,tls1.3 支持的加密套件没有 RSA 的,这个我有点疑惑啊,他的证书是用 RSA 签发吧
    CloudMx
        8
    CloudMx  
       112 天前
    可以的.
    ➜ ~ curl -v -I --tls-max 1.3 https://oapi.dingtalk.com
    * Host oapi.dingtalk.com:443 was resolved.
    * IPv6: (none)
    * IPv4: 106.11.43.136
    * Trying 106.11.43.136:443...
    * Connected to oapi.dingtalk.com (106.11.43.136) port 443
    * ALPN: curl offers h2,http/1.1
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    * CAfile: /opt/anaconda3/ssl/cacert.pem
    * CApath: none
    * TLSv1.3 (IN), TLS handshake, Server hello (2):
    * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
    * TLSv1.3 (IN), TLS handshake, Certificate (11):
    * TLSv1.3 (IN), TLS handshake, CERT verify (15):
    * TLSv1.3 (IN), TLS handshake, Finished (20):
    * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
    * TLSv1.3 (OUT), TLS handshake, Finished (20):
    * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
    * ALPN: server accepted h2
    * Server certificate:
    * subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com
    * start date: Apr 8 04:56:05 2024 GMT
    * expire date: May 10 04:56:04 2025 GMT
    * subjectAltName: host "oapi.dingtalk.com" matched cert's "*.dingtalk.com"
    * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G3
    * SSL certificate verify ok.
    * Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
    * Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
    * Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
    * using HTTP/2
    * [HTTP/2] [1] OPENED stream for https://oapi.dingtalk.com/
    fredcc
        10
    fredcc  
       112 天前
    检测结果看人家的策略没啥问题,抓个网络包看下握手失败原因吧。
    zealot
        11
    zealot  
       112 天前
    @zong400 RSA 是很老的算法了,ECC 综合指标显著优于 RSA ,了解技术的都会在 TLS 1.3 里采用 ECC 而不是 RSA
    zong400
        12
    zong400  
    OP
       112 天前
    @zealot 我意思是从浏览器看到证书是用 RSA 签的,但是你的 nmap 结果里面 tls1.3 ciphers 都是 TLS_AKE_WITH_XXX ,没有 TLS_RSA_WITH_XXX
    VKLER
        13
    VKLER  
       111 天前
    你项目中有用到 OkHttp 的库嘛?看看是不是版本冲突了,低版本可能不支持 TLSv1.3
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   3411 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 22ms · UTC 11:48 · PVG 19:48 · LAX 03:48 · JFK 06:48
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.