利用OpenSSL搭建基于预共享密钥模式的TLS1.3 Ubuntu服务器
找到最新版openssl
参考下面的链接进行配置
https://blog.csdn.net/u012670181/article/details/104102110
服务器搭建
先安装 libssl-dev,这就是 openssl 的开发版本套件。 并安装 busybox,我们会使用到里面的简易 web server
sudo apt-get install libssl-dev
sudo apt-get install busybox
去官网https://www.stunnel.org/downloads.html下载最新版的stunnel
解压缩 stunnel 后,configure 后直接make即可
tar zvfx stunnel-5.64.tar.gz
cd stunnel-5.64
./configure
make
配置文件:
参考stunnel官方psk例程:
另外找到TLSv1.3的开启方法
echo "<H1> swswssw </H1>" > /tmp/index.html
echo "[https]" > /tmp/conf
echo "accept = 1443" >> /tmp/conf
echo "connect = 1080" >> /tmp/conf
echo "ciphers = PSK" >> /tmp/conf
echo "PSKsecrets = /tmp/pass" >> /tmp/conf
echo "sslVersionMin = TLSv1.3" >> /tmp/conf
echo "user:00000000000000000000000000000000" > /tmp/pass
/tmp/conf
:
[https]
accept = 1443
connect = 1080
ciphers = PSK
PSKsecrets = /tmp/pass
sslVersionMin = TLSv1.3
/tmp/pass
:
user:00000000000000000000000000000000
若开启过stunnel,则killall stunnel
关闭进程,开启stunnel:
./stunnel /tmp/conf
无其他回显,则成功
为测试网页写入代码
echo "<H1> swswssw </H1>" > /tmp/index.html
若开启过busybox,则killall busybox
关闭进程,开启busybox:
busybox httpd -h /tmp -p 127.0.0.1:1080
访问127.0.0.1:1080,成功搭建服务器
客户端搭建
直到配置文件前,与服务器操作相同
配置文件参考stunnel官方psk例程:
echo "[client]" > /tmp/conf
echo "client = yes" >> /tmp/conf
echo "accept = 127.0.0.1:3180" >> /tmp/conf
echo "connect = 192.168.220.144:1443" >> /tmp/conf
echo "ciphers = PSK" >> /tmp/conf
echo "PSKsecrets = /tmp/pass" >> /tmp/conf
echo "sslVersionMin = TLSv1.3" >> /tmp/conf
echo "user:00000000000000000000000000000000" > /tmp/pass
/tmp/conf
:
[client]
client = yes
accept = 127.0.0.1:3180
connect = 192.168.220.144:1443
ciphers = PSK
PSKsecrets = /tmp/pass
sslVersionMin = TLSv1.3
/tmp/pass
:
user:00000000000000000000000000000000
若开启过stunnel,则killall stunnel
关闭进程,开启stunnel:
./stunnel /tmp/conf
无其他回显,则成功
开启wireshark,开始抓包
访问127.0.0.1:3180:
成功抓包
原创文章,作者:Maggie-Hunter,如若转载,请注明出处:https://blog.ytso.com/tech/aiops/267760.html