Must the Cipher Suites in a TLS ClientHello contain 5 entries?

I tried it, and at least these 5 are needed:

Cipher Suites (5 suites)
    Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
    Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

With some websites the handshake fails if even one is missing; with others several can be left out.

I looked up the document https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.4, which says:


   This specification defines the following cipher suites for use with
   TLS 1.3.

              +------------------------------+-------------+
              | Description                  | Value       |
              +------------------------------+-------------+
              | TLS_AES_128_GCM_SHA256       | {0x13,0x01} |
              |                              |             |
              | TLS_AES_256_GCM_SHA384       | {0x13,0x02} |
              |                              |             |
              | TLS_CHACHA20_POLY1305_SHA256 | {0x13,0x03} |
              |                              |             |
              | TLS_AES_128_CCM_SHA256       | {0x13,0x04} |
              |                              |             |
              | TLS_AES_128_CCM_8_SHA256     | {0x13,0x05} |
              +------------------------------+-------------+

The document is for TLS 1.3. For earlier versions, must at least 5 be offered as well?

(Scenario: saving the traffic the client sends by using the smallest possible ClientHello packet, with no regard for security at all)
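
An added example, not part of the original post: a Python sketch that encodes and parses the ClientHello `cipher_suites` field for the five values in the capture above and labels each one as a TLS 1.3 suite, a pre-1.3 suite, or a signaling value. The wire layout (2-byte length prefix, 2 bytes per suite, bound `<2..2^16-2>`) is taken from RFC 8446 section 4.1.2; the function names are illustrative.

```python
import struct

# Code points and names as shown in the capture and the RFC 8446 B.4 table above.
SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

def classify(code):
    """Label a code point: TLS 1.3 suite, pre-1.3 suite, or signaling value."""
    if code == 0x00FF:
        return "signaling"      # SCSV: carries no cipher, cannot be negotiated
    if 0x1301 <= code <= 0x1305:
        return "tls13"          # the five suites in the B.4 table
    return "pre-tls13"

def encode_cipher_suites(codes):
    """uint16 byte length followed by one uint16 per suite (big-endian)."""
    if not codes:
        raise ValueError("vector is <2..2^16-2>: at least one suite")
    body = b"".join(struct.pack("!H", c) for c in codes)
    return struct.pack("!H", len(body)) + body

def parse_cipher_suites(buf):
    """Parse the field and return (code, name, kind) for each entry."""
    if len(buf) < 2:
        raise ValueError("truncated length prefix")
    (n,) = struct.unpack_from("!H", buf, 0)
    if n < 2 or n % 2 or n != len(buf) - 2:
        raise ValueError("bad cipher_suites length")
    codes = struct.unpack_from("!%dH" % (n // 2), buf, 2)
    return [(c, SUITES.get(c, "unknown"), classify(c)) for c in codes]

# The five values from the capture, in the order shown.
CAPTURE = [0x1302, 0x1303, 0x1301, 0xC02F, 0x00FF]

if __name__ == "__main__":
    wire = encode_cipher_suites(CAPTURE)
    print(len(wire), "bytes:", wire.hex())
    for code, name, kind in parse_cipher_suites(wire):
        print("0x%04x %-40s %s" % (code, name, kind))
```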
