openssl cookbook
1,想让自己网站支持ssl,需要有以下步骤:
生成私钥
创建CSR(Certificate Signing Request),发送到CA
使用CA返回的证书
2,生成私钥
生成ecdsa私钥
openssl ecparam -genkey -name secp256r1|openssl ec -out ec.key -aes128
生成rsa私钥
openssl genrsa -aes128 -out fd.key 2048
3,创建CSR
openssl req -new -key ec.key -out ec.csr
openssl req -new -key fd.key -out fd.csr
创建过程中需要输入一些信息。
A challenge password []:.
An optional company name []:.
这两项可以直接输入".",这里的password基本没有什么用,也与加密无关,可以忽略。
将CSR发送给CA,生成证书。
也可以自己来生成证书,用作测试,别人是不会认可的^_^
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt
默认情况下,上面方法产生的证书只能给一个域名使用,当要给多个域名使用时,可以考虑通配符,比如 *.example.com
可以创建 fd.ext 文件,写入如下内容:
subjectAltName = DNS:*.example.com, DNS:example.com
然后生成证书时,使用命令
openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt -extfile fd.ext
这样生成的证书就能够被*.example.com使用,并且可以从证书中看到如下扩展信息:
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:*.example.com, DNS:example.com
CA签发的证书还包含其他的扩展。
a,CRL
Certificate Revocation List (CRL) are CA-signed lists of revoked certificates, published at regular time intervals (e.g., seven days).
b,CPS
Certificate Policy Statement (CPS) points, which are usually web pages or PDF documents
c,AIA
包含两部分:
OCSP:Online Certificate Status Protocol 地址,用于实时检测证书的有效性
签发者的证书地址(签发者如果不是根CA的话,就必须要有上一级CA给签发的证书)
d,Subject Key &Authority Key Identifier
用于建立证书链。证书的Authority Key必须和签发者证书的Subject Key一致,这样客户端就能够根据两个key建立两个证书的签发关系。
证书和key的格式
DER格式:
使用DER ASN.1编码的raw格式
PEM格式:
使用base64编码的DER格式,同时包含一些其他信息,比如
PEM证书:
-----BEGIN CERTIFICATE-----
base64(DER)
-----END CERTIFICATE-----
PEM key:
base64(DER key)
cipher suites 的选择
1,openssl ciphers 命令,用来测试支持的cipher suites,支持各种查询条件:
a,获取当前openssl支持的cipher suites
openssl ciphers -v 'ALL:COMPLEMENTOFALL'
openssl ciphers -v 'aECDSA:!RC4:!DES'
一些考虑:
1. Use only strong ciphers of 128 effective bits and up (this excludes 3DES).
2. Use only suites that provide strong authentication (this excludes anonymous and ex-
port suites).
3. Do not use any suites that rely on weak primitives (e.g., MD5).
4. Implement robust support for forward secrecy, no matter what keys and protocols are
used. With this requirement comes a slight performance penalty, because I won’t be
able to use the fast RSA key exchange. I’ll minimize the penalty by prioritizing ECD-
HE, which is substantially faster than DHE.
5. Prefer ECDSA over RSA. This requirement makes sense only in dual-key deployments,
in which we want to use the faster ECDSA operations wherever possible, but fall back
to RSA when talking to clients that do not yet support ECDSA.
6. With TLS 1.2 clients, prefer AES GCM suites, which provide the best security TLS can
offer.
7. Because RC4 was recently found to be weaker than previously thought, 11 we want to
push it to the end of the list. That’s almost as good as disabling it. Although BEAST
might still be a problem in some situations, I’ll assume that it’s been mitigated client-
side.
The weak suites can be identified with the following cipher strings:
• aNULL ; no authentication
• eNULL ; no encryption
• LOW ; low-strength suites
• 3DES ; effective strength of 108 bits
• MD5 ; suites that use MD5
• EXP ; obsolete export suites
!DSS !PSK !SRP: obsolete suites
!CAMELLIA !IDEA !SEED:obsolete suites
推荐的cipher suites(强安全性+高性能)
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-CHACHA20-POLY1305 (openssl 1.1以上版本)
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA
ECDHE-ECDSA-AES256-SHA
ECDHE-ECDSA-AES128-SHA256
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-CHACHA20-POLY1305 (openssl 1.1以上版本)
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA
ECDHE-RSA-AES128-SHA256
ECDHE-RSA-AES256-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-SHA
DHE-RSA-AES256-SHA
DHE-RSA-AES128-SHA256
DHE-RSA-AES256-SHA256
下面的用于支持老旧客户端,tls1.0,tls1.1:
EDH-RSA-DES-CBC3-SHA
AES128-SHA
AES256-SHA
DES-CBC3-SHA
ECDHE-RSA-RC4-SHA
RC4-SHA
下面是TLS1.3
TLS13-AES-256-GCM-SHA384
TLS13-CHACHA20-POLY1305-SHA256
TLS13-AES-128-GCM-SHA256
TLS13-AES-128-CCM-8-SHA256
TLS13-AES-128-CCM-SHA256
测试速度
openssl speed xxx (xxx是待测试的任何东西)
openssl speed -multi n(n是能够使用的cpu核数) xxx
openssl speed -evp (evp 启动硬件加速)aes-128-cbc