使用 C# 中的各种密码强度和算法通过 SSL 连接到服务器
四处搜索了一下,发现了不同的工具来检查弱密码。如何通过 .net/c# 确定服务器支持哪些密码/算法?
我可以通过 (ssl.protocols.ssl2/ssl3/tls) 测试 sslv2、sslv3 和 tls:
TcpClient client = new TcpClient();
client.Connect("host", 443);
using (SslStream Ssl = new SslStream(client.GetStream()))
{
Ssl.AuthenticateAsClient("host", null, System.Security.Authentication.SslProtocols.Ssl3, false);
Console.WriteLine(Ssl.CipherAlgorithm);
Console.WriteLine(Ssl.CipherStrength);
Console.WriteLine(Ssl.SslProtocol);
}
client.Close();
如何通过 C# 检查算法和其他弱密码?我正在查看 SSLDiagnos 但它是用 c 语言编写的?
有什么想法吗?
Searched around a bit, found different tools to check weak ciphers. How can I determine what ciphers/alogrithms the Server supports via .net/c#?
I can test sslv2, sslv3 and tls via (ssl.protocols.ssl2/ssl3/tls):
TcpClient client = new TcpClient();
client.Connect("host", 443);
using (SslStream Ssl = new SslStream(client.GetStream()))
{
Ssl.AuthenticateAsClient("host", null, System.Security.Authentication.SslProtocols.Ssl3, false);
Console.WriteLine(Ssl.CipherAlgorithm);
Console.WriteLine(Ssl.CipherStrength);
Console.WriteLine(Ssl.SslProtocol);
}
client.Close();
How do I check the algorithms and other weak ciphers via C#? I am looking at SSLDiagnos but it is in c?
Any ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
SslStream 的 CipherAlgorithm 和 HashAlgorithm 属性。您定义什么对您来说是“弱”的,并根据您的“弱”列表检查协商的算法。
更新:抱歉误解了这个问题。服务器似乎没有发送支持的密码套件列表,因此唯一的选择是在客户端上一次启用一个密码套件并尝试使用它进行连接。我没有看到 SslStream 允许您指定允许的密码套件,但是您可以使用我们的 SecureBlackbox 组件用于此目的 - 它们可以让您轻松地微调组件(SSL 客户端)。
CipherAlgorithm and HashAlgorithm properties of SslStream. You define what is "weak" for you, and check the negotiated algorithm against your list of "weak" ones.
Update: Sorry for misunderstanding the question. The server doesn't seem to send the list of supported ciphersuites, so the only option is to enable one cipher suite at a time on the client and attempt to connect using it. I don't see that SslStream allows you to specify allowed ciphersuite(s), however you can use our SecureBlackbox components for this - they let you fine-tune the component (SSL client) easily.
服务器从客户端请求的列表中选择要使用的密码套件。也就是说,您应该使用一些允许启用/禁用某些密码套件的库,并尝试一一连接到启用套件的服务器。 SslStream不支持灵活的密码套件调整。
The server chooses a ciphersuite to use from the list requested by the client. I.e. you should take some library that allows to enable/disable certain ciphersuites, and try to connect to the server enabling suites one-by-one. SslStream doesn't support flexible ciphersuites adjustment.
我仍然会看看 ssldiagnos 并可能使用 OpenSSL.NET 将其移植到 c# ? http://sourceforge.net/projects/openssl-net/
然后您所要做的就是将 c 代码移植到 c# 中并保留 OpenSSL 代码。
I would still take a look at ssldiagnos and maybe port it to c# using OpenSSL.NET? http://sourceforge.net/projects/openssl-net/
Then all you would have to do is to port the c-code into c# and leave the OpenSSL-code.
ssldiagnos 应用程序现在与另一个工具合并:sslPressure,它根本不使用 openssl,只需检查初始客户端 hello(更简单),也许您可以将其用作项目的模板。
The ssldiagnos application is now merged with another tool: sslpressure which does not use openssl at all, just check the initial client hello (much simpler), maybe you can use that as a template for your project.