吐槽一下钉钉域名竟然不支持 tls1.3

102 天前
 zong400

用他的 java sdk 总是 ssl 握手失败,查了一个下午发现是不支持 tls1.3 ,jdk1.8 在比较新的版本都是默认 tls1.3 的,版本对不上握手失败。

Starting Nmap 7.60 ( https://nmap.org ) at 2024-08-05 10:46 CST
Nmap scan report for oapi.dingtalk.com (106.11.40.32)
Host is up (0.014s latency).
Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:50::b 2401:b180:2000:80::d 2401:b180:2000:70::e 2401:b180:2000:60::f

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|     compressors: 
|       NULL
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 6.92 seconds
1876 次点击
所在节点    程序员
13 条回复
zengxs
102 天前
TLS 版本都是自动协商的,不支持 1.3 会自动回退到 1.2 ,看看是不是环境的问题
e3c78a97e0f8
102 天前
国内不支持 TLS1.3 的网站多了去了
fredcc
102 天前
支持 tls 1.3 啊
zong400
102 天前
@zengxs 没有回退,环境是指 jdk 吗? jdk8u372 容器
zong400
102 天前
@fredcc 你是用什么测试的?我用命令 nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
zealot
102 天前
钉钉的域名支持 TLS1.3 ;
你的检测结果中没有显示 TLS 1.3 的原因是你用的 nmap 版本比较旧( 7.6 版本的 nmap 发布时候还没有 TLS 1.3 协议),换个最新版本 nmap 就可以。

你用的这个 nmap 版本号是 7.60 ,发布日期是 2017-07-31 详见: https://svn.nmap.org/nmap-releases/nmap-7.60/CHANGELOG

TLS 1.3 协议是 2018 年 8 月发布的,详见 IETF 文档: https://datatracker.ietf.org/doc/html/rfc8446

nmap 在 2021 年 12 月才支持了 TLS 1.3 ,详见代码提交记录: https://github.com/mzet-/Nmap-for-Pen-Testers/commit/f55c200783af64f2ecb286244056e83098d74e97

最新的 nmap 7.95 版本检测钉钉域名是支持 TLS 1.3 的:
```
$ nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-05 14:08 CST
Nmap scan report for oapi.dingtalk.com (106.11.35.100)
Host is up (0.047s latency).
Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:80::d 2401:b180:2000:50::b 2401:b180:2000:60::f 2401:b180:2000:70::e

PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.3:
| ciphers:
| TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_SM4_CCM_SM3 (ecdh_x25519) - A
| TLS_AKE_WITH_SM4_GCM_SM3 (ecdh_x25519) - A
| cipher preference: server
|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds
```

SSL Labs 检测结果也同样显示支持 TLS 1.3: https://www.ssllabs.com/ssltest/analyze.html?d=oapi.dingtalk.com
p.s. 这个域名还在支持 TLS 1.0 和 TLS 1.1 的原因是还有很多企业不支持更高版本的 TLS 。不过安全团队针对低版本的 TLS 的加密套件做了定制,剔除一些低版本中有重大风险的加密套件。

![]( )
zong400
102 天前
@zealot 疏忽了,原来 nmap 旧版的原因
不过从 java debug 看的确是 tls 版本不对所以握手失败,也没有回退到 1.2
```
javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520

javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2
```

另外从你的结果看,tls1.3 支持的加密套件没有 RSA 的,这个我有点疑惑啊,他的证书是用 RSA 签发吧
CloudMx
101 天前
可以的.
➜ ~ curl -v -I --tls-max 1.3 https://oapi.dingtalk.com
* Host oapi.dingtalk.com:443 was resolved.
* IPv6: (none)
* IPv4: 106.11.43.136
* Trying 106.11.43.136:443...
* Connected to oapi.dingtalk.com (106.11.43.136) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /opt/anaconda3/ssl/cacert.pem
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com
* start date: Apr 8 04:56:05 2024 GMT
* expire date: May 10 04:56:04 2025 GMT
* subjectAltName: host "oapi.dingtalk.com" matched cert's "*.dingtalk.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://oapi.dingtalk.com/
fredcc
101 天前
@zong400 https://github.com/drwetter/testssl.sh
fredcc
101 天前
检测结果看人家的策略没啥问题,抓个网络包看下握手失败原因吧。
zealot
101 天前
@zong400 RSA 是很老的算法了,ECC 综合指标显著优于 RSA ,了解技术的都会在 TLS 1.3 里采用 ECC 而不是 RSA
zong400
101 天前
@zealot 我意思是从浏览器看到证书是用 RSA 签的,但是你的 nmap 结果里面 tls1.3 ciphers 都是 TLS_AKE_WITH_XXX ,没有 TLS_RSA_WITH_XXX
VKLER
101 天前
你项目中有用到 OkHttp 的库嘛?看看是不是版本冲突了,低版本可能不支持 TLSv1.3

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/1062557

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX