Google Chrome 56, Windows 10, 2017年4月
我试图通过使用更高版本的TLS来提高应用程序的安全性。但是,我不想排除太多的用户。有人知道是否有一个列表,其中列出了所有主要浏览器,哪些版本支持TLS的哪些密码套件?如
Chrome version Y supports TLS_RSA ...., TLS_ECDHE...., ...
Chrome version Y+1 supports....
Safari version X ...
IE version Z ....
Microsoft Edge ...
Opera ....
Firefox ...
我一直在谷歌我的屁股,我似乎找不到它。有人见过这样的网站吗?万分感谢!
我不知道你是否可以在某个地方找到这些信息。
我认为有两种方法可以确保与大多数浏览器的兼容性:- 使用Qualys SSLLabs在每次更改配置后检查握手,
- 继续使用TLSv1.0是你需要支持Android v4.3及更早版本,并至少支持相应TLS RFC中定义的密码套件。
与rfc兼容的强制密码套件是:
- TLS_RSA_WITH_3DES_EDE_CBC_SHA适用于TLSv1.1(也适用于TLSv1.0) TLS_RSA_WITH_AES_128_CBC_SHA for TLSv1.2
如果您使用这些设置,您将支持所有浏览器,除了Windows XP上的IE6。
一旦你支持这些协议和密码套件,你可以添加和选择更强的:
- TLS_(EC)DHE_RSA_WITH_AES_256_GCM_SHA384(尚未被广泛支持)
- TLS_ (EC) DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ (EC) DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ (EC) DHE_RSA_WITH_AES_128_CBC_SHA
通过这些设置,您应该可以支持几乎所有的浏览器,并且与现代浏览器具有良好的安全级别。
如果你想知道一个特定的浏览器版本,安装它并进入这个网站(仍然是Qualys SSLLabs,但对于客户端)。
PyTLS项目是一个非常低级的纯python SSL/TLS实现,并附带了一个基本的服务器实现,可以很好地处理这项工作,开箱即用。
- 克隆https://github.com/WestpointLtd/pytls
- run
python server.py -p 4433 - 将浏览器指向
https://localhost:4433/
正在运行的python脚本将把浏览器请求的密码套件打印到控制台。它们按偏好顺序列出,浏览器最喜欢的密码套件位于列表的顶部。
。
Google Chrome 56, Windows 10, 2017年4月Binding...
Connection from ('127.0.0.1', 64858)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 32
Cipher Suites:
0x8a8a GREASE_i
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xcca9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xcca8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xcc14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_non_iana
0xcc13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_non_iana
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
Mozilla Firefox 52, Windows 10, 2017年4月
Binding...
Connection from ('127.0.0.1', 64814)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 26
Cipher Suites:
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xcca9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xcca8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0xc009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
curl 7.42.1 (x86_64-suse-linux-gnu) libcurl/7.42.1 OpenSSL/1.0.1k zlib/1.2.8 libidn/1.31 libssh2/1.5.0, 2017年4月
Binding...
Connection from ('127.0.0.1', 47096)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 118
Cipher Suites:
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
0xc024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0x00a3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
0x009f TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
0x006b TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
0x006a TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0xc032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
0xc02e TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
0xc02a TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
0xc026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
0xc00f TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
0xc005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384
0x003d TLS_RSA_WITH_AES_256_CBC_SHA256
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
0xc023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0x00a2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
0x009e TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
0x0067 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
0x0040 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0032 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x009a TLS_DHE_RSA_WITH_SEED_CBC_SHA
0x0099 TLS_DHE_DSS_WITH_SEED_CBC_SHA
0x0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0xc031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
0xc02d TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
0xc029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
0xc025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
0xc00e TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
0xc004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x003c TLS_RSA_WITH_AES_128_CBC_SHA256
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0096 TLS_RSA_WITH_SEED_CBC_SHA
0x0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
0xc008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
0xc00d TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
0xc003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
0x00ff TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Binding...
Connection from ('127.0.0.1', 64858)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 32
Cipher Suites:
0x8a8a GREASE_i
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xcca9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xcca8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xcc14 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_non_iana
0xcc13 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_non_iana
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
Binding...
Connection from ('127.0.0.1', 64814)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 26
Cipher Suites:
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xcca9 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
0xcca8 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0xc009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
Binding...
Connection from ('127.0.0.1', 47096)
Record Version: TLS1_0
Handshake Version: TLS1_2
Session ID Length: 0
Cipher Suites Length (bytes): 118
Cipher Suites:
0xc030 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc02c TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
0xc024 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
0xc014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
0xc00a TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
0x00a3 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
0x009f TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
0x006b TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
0x006a TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
0x0038 TLS_DHE_DSS_WITH_AES_256_CBC_SHA
0x0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
0x0087 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
0xc032 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
0xc02e TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
0xc02a TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
0xc026 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
0xc00f TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
0xc005 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
0x009d TLS_RSA_WITH_AES_256_GCM_SHA384
0x003d TLS_RSA_WITH_AES_256_CBC_SHA256
0x0035 TLS_RSA_WITH_AES_256_CBC_SHA
0x0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
0xc02f TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02b TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
0xc027 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
0xc023 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
0xc009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
0x00a2 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
0x009e TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
0x0067 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
0x0040 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
0x0032 TLS_DHE_DSS_WITH_AES_128_CBC_SHA
0x009a TLS_DHE_RSA_WITH_SEED_CBC_SHA
0x0099 TLS_DHE_DSS_WITH_SEED_CBC_SHA
0x0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
0x0044 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
0xc031 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
0xc02d TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
0xc029 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
0xc025 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
0xc00e TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
0xc004 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
0x009c TLS_RSA_WITH_AES_128_GCM_SHA256
0x003c TLS_RSA_WITH_AES_128_CBC_SHA256
0x002f TLS_RSA_WITH_AES_128_CBC_SHA
0x0096 TLS_RSA_WITH_SEED_CBC_SHA
0x0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
0xc008 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
0x0013 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
0xc00d TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
0xc003 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
0x000a TLS_RSA_WITH_3DES_EDE_CBC_SHA
0x00ff TLS_EMPTY_RENEGOTIATION_INFO_SCSV
来自同一浏览器的重复连接通常会显示不同的密码套件,因为浏览器可能会在请求的密码列表的不同位置随机抛出不同的润滑脂密码。
请注意,这个项目只处理TLS记录和消息的传输,不处理任何加密。它主要针对想要在协议级别调查或复制不同SSL/TLS实现的行为的安全研究人员,并且需要一些所需协议行为的知识来有效地扩展其作为库的使用。
免责声明:我与作者密切合作,并为这个项目的某些方面做出了贡献。