主页 / server / 问题 / 910177
Accepted
Kyle Brandt
Asked: 2018-05-02 07:39:01 +0800 CST

Get-TlsCipherSuite 输出中 Protocols 字段的值是什么意思?

  • 772

Powershell 有一个Get-TlsCipherSutecmdlet,它返回有关 TLS 可以使用的密码的信息。

输出包括一个Protocols似乎设置为数字数组的字段,例如:

PS C:\>Get-TlsCipherSuite -Name "AES"
KeyType               : 0
Certificate           : ECDSA
MaximumExchangeLength : 65536
MinimumExchangeLength : 0
Exchange              : ECDH
HashLength            : 0
Hash                  :
CipherBlockLength     : 16
CipherLength          : 256
BaseCipherSuite       : 49196
CipherSuite           : 49196
Cipher                : AES
Name                  : TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Protocols             : {771, 65277}

作为每个密码套件的字段值的数字的含义是什么Protocols(例如,771652677)?

注意:如果您去探索,请注意此命令的输出似乎与 不兼容select,请参阅https://windowsserver.uservoice.com/forums/301869-powershell/suggestions/16511008-get-tlsciphersuite-does-not -输出行为良好的ob

windows

2 个回答

  1. Best Answer

    它们似乎是TLS 版本字段中使用的值的十进制表示。771 = 0x0303 = TLS_1_265277 = 0xFEFD = DTLS_1_1。您可以看到在各种 TLS 库中定义的类似常量:

    TLS_VERSIONS = {
    # SSL
    0x0002: "SSL_2_0",
    0x0300: "SSL_3_0",
    # TLS:
    0x0301: "TLS_1_0",
    0x0302: "TLS_1_1",
    0x0303: "TLS_1_2",
    0x0304: "TLS_1_3",
    # DTLS
    0x0100: "PROTOCOL_DTLS_1_0_OPENSSL_PRE_0_9_8f",
    0x7f10: "TLS_1_3_DRAFT_16",
    0x7f12: "TLS_1_3_DRAFT_18",
    0xfeff: "DTLS_1_0",
    0xfefd: "DTLS_1_1",
}

    因此,它们可能代表该密码可用的 TLS/SSL 协议版本。

    • 9 
  2. TLS_VERSIONS = {
    # SSL
    2       0x0002: "SSL_2_0",
    768     0x0300: "SSL_3_0",
    # TLS:
    769     0x0301: "TLS_1_0",
    770     0x0302: "TLS_1_1",
    771     0x0303: "TLS_1_2",
    772     0x0304: "TLS_1_3",
    # DTLS
    256     0x0100: "PROTOCOL_DTLS_1_0_OPENSSL_PRE_0_9_8f",
    32528   0x7f10: "TLS_1_3_DRAFT_16",
    32530   0x7f12: "TLS_1_3_DRAFT_18",
    65279   0xfeff: "DTLS_1_0",
    65277   0xfefd: "DTLS_1_1",
}
    • 0

相关问题