Setting Up a TLS 1.3 Ubuntu Server in Pre-Shared Key Mode with OpenSSL



Find the latest version of OpenSSL.

Configure it by following the link below:

https://blog.csdn.net/u012670181/article/details/104102110

Server setup

First install libssl-dev, the OpenSSL development package, and busybox, whose simple web server we will use.

sudo apt-get install libssl-dev
sudo apt-get install busybox

Download the latest stunnel release from the official site, https://www.stunnel.org/downloads.html

Extract the stunnel archive, run configure, then run make:

tar zvfx stunnel-5.64.tar.gz
cd stunnel-5.64
./configure
make

Configuration file:

The configuration follows the official stunnel PSK example, plus the option found for enabling TLSv1.3:

echo "<H1> swswssw </H1>" > /tmp/index.html
echo "[https]" > /tmp/conf
echo "accept = 1443" >> /tmp/conf
echo "connect = 1080" >> /tmp/conf
echo "ciphers = PSK" >> /tmp/conf
echo "PSKsecrets = /tmp/pass" >> /tmp/conf
echo "sslVersionMin = TLSv1.3" >> /tmp/conf
echo "user:00000000000000000000000000000000" > /tmp/pass

 

/tmp/conf

[https]
accept = 1443
connect = 1080
ciphers = PSK
PSKsecrets = /tmp/pass
sslVersionMin = TLSv1.3

/tmp/pass

user:00000000000000000000000000000000
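
The all-zero key above is only good for this test setup; the stunnel manual asks for keys of at least 16 bytes and a secrets file that is not world-readable, and /tmp is a shared directory. The shell functions below are an added example, not part of the original article or of stunnel, and the names make_psk_file and check_psk_file are hypothetical.

```shell
#!/bin/sh
# Added example: create and audit a stunnel PSKsecrets file (IDENTITY:KEY lines).
# make_psk_file and check_psk_file are hypothetical helper names.

# make_psk_file FILE IDENTITY: random 32-byte key (64 hex chars), owner-only.
make_psk_file() {
    (
        umask 077
        rm -f -- "$1"
        key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
        printf '%s:%s\n' "$2" "$key" > "$1"
    )
}

# check_psk_file FILE: prints one finding per problem; returns 0 if clean.
check_psk_file() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "$file: not found"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    case $(ls -ld -- "$file") in
        ????------*) ;;
        *) echo "$file: accessible by group or other users"; rc=1 ;;
    esac
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        case $line in
            *:*) ;;
            *) echo "line $n: not in IDENTITY:KEY form"; rc=1; continue ;;
        esac
        id=${line%%:*}
        key=${line#*:}
        # The stunnel manual requires at least 16 bytes (32 hex characters).
        if [ "${#key}" -lt 32 ]; then
            echo "line $n ($id): key shorter than 32 characters"; rc=1
            continue
        fi
        # One repeated character (e.g. all zeros) is a placeholder, not a key.
        first=${key%"${key#?}"}
        case $key in
            *[!"$first"]*) ;;
            *) echo "line $n ($id): key is a single repeated character"; rc=1 ;;
        esac
    done < "$file"
    return "$rc"
}
```

Running check_psk_file /tmp/pass on the file from this walkthrough reports the all-zero key, and also the file mode if it was created with a default umask. A file written by make_psk_file has to be copied unchanged to both the server and the client.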

 

If stunnel is already running, stop it with killall stunnel, then start stunnel:

./stunnel /tmp/conf

If there is no other output, it started successfully.

 

Write the content of the test page:

echo "<H1> swswssw </H1>" > /tmp/index.html

If busybox is already running, stop it with killall busybox, then start busybox:

busybox httpd -h /tmp -p 127.0.0.1:1080

Visit 127.0.0.1:1080; the server is now up.

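Client setup

Up to the configuration file, the steps are the same as on the server.

The configuration file follows the official stunnel PSK example: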

echo "[client]" > /tmp/conf
echo "client = yes" >> /tmp/conf
echo "accept = 127.0.0.1:3180" >> /tmp/conf
echo "connect = 192.168.220.144:1443" >> /tmp/conf
echo "ciphers = PSK" >> /tmp/conf
echo "PSKsecrets = /tmp/pass" >> /tmp/conf
echo "sslVersionMin = TLSv1.3" >> /tmp/conf
echo "user:00000000000000000000000000000000" > /tmp/pass

 

/tmp/conf

[client]
client = yes
accept = 127.0.0.1:3180
connect = 192.168.220.144:1443
ciphers = PSK
PSKsecrets = /tmp/pass
sslVersionMin = TLSv1.3

/tmp/pass

user:00000000000000000000000000000000

 

If stunnel is already running, stop it with killall stunnel, then start stunnel:

./stunnel /tmp/conf

If there is no other output, it started successfully.

 

Start Wireshark and begin capturing packets, then visit 127.0.0.1:3180.

The packets are captured successfully.

 

Original article by Maggie-Hunter. If you repost it, please credit the source: https://blog.ytso.com/tech/aiops/267760.html
