
ssl - In which cases can an SSL server omit sending its certificate?

Reposted. Author: 太空宇宙. Updated: 2023-11-03 12:51:31

I am trying to figure out the SSL handshake process. After reading TLS in Wikipedia I saw

The server sends its Certificate message (depending on the selected cipher suite, this may be omitted by the server)

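I have also seen this behaviour in real life, but only in cases where the user ended up getting an "invalid certificate" warning.

I would like to know in which cases the server can omit the certificate. And how can the client verify the server's identity in that case? Or is it reserved only for cases where the server has no certificate and gives up on sending a fake one, knowing that the user will see a browser warning anyway?

Thanks!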

Best answer

Some cipher suites do not rely on certificates:

  • anonymous cipher suites, defined in the main TLS RFC (those with DH_anon in their names). Some of them can provide encryption but no authentication, which is insecure. Section A.5 says the following about them:

The following cipher suites are used for completely anonymous Diffie-Hellman communications in which neither party is authenticated. Note that this mode is vulnerable to man-in-the-middle attacks. Using this mode therefore is of limited use: These cipher suites MUST NOT be used by TLS 1.2 implementations unless the application layer has specifically requested to allow anonymous key exchange. (Anonymous key exchange may sometimes be acceptable, for example, to support opportunistic encryption when no set-up for authentication is in place, or when TLS is used as part of more complex security protocols that have other means to ensure authentication.)

Regarding "ssl - In which cases can an SSL server omit sending its certificate?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/8413093/
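To make the answer's point checkable on a capture, the following added example (not part of the original question or answer) parses a server handshake flight and reports whether the selected suite is one of the DH_anon suites from RFC 5246 Appendix A.5 and whether a Certificate message was sent. It assumes TLS 1.2 handshake bytes with the record-layer headers already stripped; the function names and both sample flights are constructed for illustration.

```python
# Added example: flag a server handshake flight that authenticates nobody.
# Input is constructed; record-layer headers are assumed already removed.
SERVER_HELLO, CERTIFICATE, SERVER_KEY_EXCHANGE, SERVER_HELLO_DONE = 2, 11, 12, 14
# The six DH_anon suites listed in RFC 5246, Appendix A.5.
DH_ANON = {0x0018, 0x001B, 0x0034, 0x003A, 0x006C, 0x006D}

def parse_flight(data):
    """Split concatenated handshake messages into (type, body) pairs."""
    msgs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(data[off + 1:off + 4], "big")
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        msgs.append((data[off], body))
        off += 4 + length
    return msgs

def selected_suite(hello):
    """Cipher suite chosen in a TLS 1.2 ServerHello body."""
    if len(hello) < 35:                      # version(2) + random(32) + sid_len(1)
        raise ValueError("short ServerHello")
    start = 35 + hello[34]                   # skip the session_id
    if len(hello) < start + 2:
        raise ValueError("short ServerHello")
    return int.from_bytes(hello[start:start + 2], "big")

def audit(data):
    """Report the selected suite and whether a Certificate message was sent."""
    msgs = parse_flight(data)
    hello = next((b for t, b in msgs if t == SERVER_HELLO), None)
    if hello is None:
        raise ValueError("no ServerHello in flight")
    suite = selected_suite(hello)
    return {"suite": suite, "anonymous": suite in DH_ANON,
            "certificate_sent": any(t == CERTIFICATE for t, _ in msgs)}

def _msg(mtype, body):                       # helper to build constructed input
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def _hello(suite):
    return _msg(SERVER_HELLO, b"\x03\x03" + bytes(32) + b"\x00"
                + suite.to_bytes(2, "big") + b"\x00")

# Constructed flights: DH_anon (no Certificate) and RSA (placeholder Certificate).
ANON_FLIGHT = _hello(0x0034) + _msg(SERVER_KEY_EXCHANGE, bytes(8)) + _msg(SERVER_HELLO_DONE, b"")
RSA_FLIGHT = _hello(0x002F) + _msg(CERTIFICATE, bytes(3)) + _msg(SERVER_HELLO_DONE, b"")
```

A result with `anonymous` true and `certificate_sent` false is the unauthenticated mode the RFC text warns about, so a monitoring rule can alert on it unless the application explicitly opted in.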
