Venting: DingTalk's domain doesn't even support TLS 1.3

2024-08-05 10:54:08 +08:00
zong400

Using their Java SDK, the SSL handshake kept failing. After an afternoon of digging I found that it's because TLS 1.3 isn't supported; newer JDK 1.8 builds default to TLS 1.3, and the version mismatch makes the handshake fail.

```
Starting Nmap 7.60 ( https://nmap.org ) at 2024-08-05 10:46 CST
Nmap scan report for oapi.dingtalk.com (106.11.40.32)
Host is up (0.014s latency).
Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:50::b 2401:b180:2000:80::d 2401:b180:2000:70::e 2401:b180:2000:60::f

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 6.92 seconds
```
2450 views
Node: Programmer
13 replies
zengxs
2024-08-05 11:25:02 +08:00
TLS versions are negotiated automatically; if 1.3 isn't supported it falls back to 1.2 on its own. Check whether it's an environment problem.
e3c78a97e0f8
2024-08-05 12:57:47 +08:00
Plenty of domestic sites don't support TLS 1.3.
fredcc
2024-08-05 13:00:48 +08:00
It does support TLS 1.3.
zong400
2024-08-05 13:40:15 +08:00
@zengxs No fallback happened. By environment do you mean the JDK? It's jdk8u372 in a container.
zong400
2024-08-05 13:49:28 +08:00
@fredcc What did you test with? I used the command nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
zealot
2024-08-05 14:21:51 +08:00
DingTalk's domain does support TLS 1.3;
the reason your scan result doesn't show TLS 1.3 is that the nmap version you're using is old (TLS 1.3 didn't exist yet when nmap 7.6 was released). Switch to the latest nmap and it will show up.

The nmap version you used is 7.60, released 2017-07-31, see: https://svn.nmap.org/nmap-releases/nmap-7.60/CHANGELOG

TLS 1.3 was published in August 2018, see the IETF document: https://datatracker.ietf.org/doc/html/rfc8446

nmap only added TLS 1.3 support in December 2021, see the commit: https://github.com/mzet-/Nmap-for-Pen-Testers/commit/f55c200783af64f2ecb286244056e83098d74e97

The latest nmap 7.95 detects that DingTalk's domain supports TLS 1.3:
```
$ nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-05 14:08 CST
Nmap scan report for oapi.dingtalk.com (106.11.35.100)
Host is up (0.047s latency).
Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:80::d 2401:b180:2000:50::b 2401:b180:2000:60::f 2401:b180:2000:70::e

PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.3:
| ciphers:
| TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_SM4_CCM_SM3 (ecdh_x25519) - A
| TLS_AKE_WITH_SM4_GCM_SM3 (ecdh_x25519) - A
| cipher preference: server
|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds
```

The SSL Labs test likewise shows TLS 1.3 support: https://www.ssllabs.com/ssltest/analyze.html?d=oapi.dingtalk.com
P.S. The reason this domain still supports TLS 1.0 and TLS 1.1 is that many enterprises still can't use higher TLS versions. However, the security team customized the cipher suites for the old TLS versions and removed the suites with serious known risks.

zong400
2024-08-05 15:21:29 +08:00
@zealot My oversight, so it was the old nmap version.
But from the Java debug output it really is the TLS version mismatch that caused the handshake failure, and it didn't fall back to 1.2 either:
```
javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520

javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2
```

Also, looking at your result, none of the TLS 1.3 cipher suites are RSA ones, which puzzles me a bit; their certificate is issued with RSA, isn't it?
CloudMx
2024-08-05 16:21:48 +08:00
Yes, it works.
```
➜ ~ curl -v -I --tls-max 1.3 https://oapi.dingtalk.com
* Host oapi.dingtalk.com:443 was resolved.
* IPv6: (none)
* IPv4: 106.11.43.136
* Trying 106.11.43.136:443...
* Connected to oapi.dingtalk.com (106.11.43.136) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /opt/anaconda3/ssl/cacert.pem
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com
* start date: Apr 8 04:56:05 2024 GMT
* expire date: May 10 04:56:04 2025 GMT
* subjectAltName: host "oapi.dingtalk.com" matched cert's "*.dingtalk.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://oapi.dingtalk.com/
```
fredcc
2024-08-05 17:00:01 +08:00
fredcc
2024-08-05 17:04:46 +08:00
From the scan results their policy looks fine. Capture a packet trace and check why the handshake is failing.
zealot
2024-08-05 18:11:49 +08:00
@zong400 RSA is a very old algorithm; ECC beats RSA significantly on overall metrics, and anyone who knows the technology uses ECC rather than RSA in TLS 1.3.
zong400
2024-08-05 18:35:36 +08:00
@zealot I mean that the certificate seen in the browser is signed with RSA, yet in your nmap result the TLS 1.3 ciphers are all TLS_AKE_WITH_XXX, with no TLS_RSA_WITH_XXX.
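As an added example (not from this thread), the following Python parses `ssl-enum-ciphers` output in the format of the nmap 7.95 scan quoted above, flags deprecated versions and static-RSA suites, and spells out why the TLS 1.3 suites carry no RSA in their names. `SAMPLE` is a constructed excerpt of that scan, not the complete output.

```python
import re
# Constructed excerpt in the format printed by `nmap --script ssl-enum-ciphers`
# (a few lines picked from the 7.95 scan quoted above; not the full output).
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|_  least strength: A
"""
VERSION_RE = re.compile(r"^\|\s+(TLSv1\.[0-3]):\s*$")
SUITE_RE = re.compile(r"^\|\s+(TLS_[A-Z0-9_]+)\s+\(([^)]*)\)\s+-\s+([A-F])")

def parse_enum_ciphers(text):
    """Return {protocol: [(suite, key-exchange note, grade), ...]}."""
    suites, current = {}, None
    for line in text.splitlines():
        if m := VERSION_RE.match(line):
            current = m.group(1)
            suites[current] = []
        elif (m := SUITE_RE.match(line)) and current:
            suites[current].append((m.group(1), m.group(2), m.group(3)))
    return suites

def key_exchange(suite):
    """TLS 1.2-style names encode key exchange and auth (ECDHE_RSA, RSA).
    TLS 1.3 names (nmap prints them as TLS_AKE_WITH_*) encode neither: key
    exchange is always ephemeral (EC)DHE and the server authenticates by signing
    the handshake with its certificate key (RSA-PSS for an RSA certificate)."""
    kx = suite[len("TLS_"):].partition("_WITH_")[0]
    return "(EC)DHE + certificate signature" if kx == "AKE" else kx

def assess(suites):
    """Flag the points a reviewer would raise about the scanned configuration."""
    findings = [f"{v} still enabled (deprecated by RFC 8996)"
                for v in ("TLSv1.0", "TLSv1.1") if v in suites]
    if "TLSv1.3" not in suites:
        findings.append("no TLS 1.3 (or the scanner predates TLS 1.3 support)")
    for proto, entries in suites.items():
        for suite, _, _ in entries:
            if key_exchange(suite) == "RSA":
                findings.append(f"{proto} {suite}: static RSA, no forward secrecy")
    return findings
```

Run against the 7.60 output from the first post the parser yields no TLSv1.3 entry, which is the "scanner predates TLS 1.3" finding rather than proof that the server lacks it.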
VKLER
2024-08-05 23:05:52 +08:00
Does your project use the OkHttp library? Check whether there's a version conflict; older versions may not support TLSv1.3.

https://www.v2ex.com/t/1062557