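First, get the path of the configuration file. On Windows, the simplest way is to look at the MySQL service: its startup parameters include the configuration file path, as follows: >sc qc mysql80 [SC] QueryServiceConfig 成功 BINARY_PATH_NAME : "C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe" --defaults-file="C:\P […]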
Tag: ssl
python ssl wrap
With Python you can simulate an SSL socket very quickly, with no compilation step. The server and client examples below should be enough for everyday study of how SSL behaves:
sslServer:
```python
import socket
import ssl
import sys


def sslServer(host, port):
    # create user defined SSLContext; SSLContext.protocol is read-only,
    # so the protocol has to be passed to the constructor
    # test this protocol with the client's TLS 1.2 setting
    ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # require a client certificate that chains to RootCA.pem
    ssl_context.verify_mode = ssl.CERT_REQUIRED
    ssl_context.load_verify_locations(cafile='RootCA.pem')
    ssl_context.check_hostname = False
    ssl_context.load_cert_chain("Server.pem", "Server.key")
    cipher_suites = 'ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384'
    ssl_context.set_ciphers(cipher_suites)

    try:
        server = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
        # set reuse options
        server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        server.bind((host, port))
        server.listen(1)

        with ssl_context.wrap_socket(server, server_side=True) as ssl_server:
            # accept() also performs the TLS handshake
            conn, addr = ssl_server.accept()
            print("accept conn from %s" % str(addr))
            # get the ssl cipher info
            print('ssl cipher: {}'.format(conn.cipher()))
            with conn:
                while True:
                    recv_data = conn.recv(1024)
                    print("recv: %s" % repr(recv_data))
                    # an empty read means the peer closed the connection
                    if not recv_data:
                        break
                    # echo the data back to the client
                    conn.sendall(recv_data)
    except Exception as e:
        print(e)


if __name__ == '__main__':
    print('ssl ver: {}'.format(ssl.OPENSSL_VERSION))
    try:
        sslServer(sys.argv[1], int(sys.argv[2]))
    except KeyboardInterrupt:
        print('server exit')
```
sslClient:
```python
import socket
import ssl
import sys


def sslClient(host, port):
    # create default context (verifies the server certificate and hostname)
    ssl_context = ssl.create_default_context(cafile='RootCA.pem')
    ssl_context.load_cert_chain("Client.pem", "Client.key")
    # SSLContext.protocol is read-only, so pin TLS 1.2 through the
    # minimum/maximum version attributes instead
    ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
    ssl_context.maximum_version = ssl.TLSVersion.TLSv1_2

    # crl test
    # ssl_context.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF
    # ssl_context.load_verify_locations("Server.crl")

    cipher_suites = 'DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384'
    ssl_context.set_ciphers(cipher_suites)

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # server_hostname must match the name in the server certificate
    with ssl_context.wrap_socket(client, server_hostname='Server') as ssl_client:
        ssl_client.connect((host, port))
        # get the ssl cipher info
        print('ssl cipher: {}'.format(ssl_client.cipher()))
        while True:
            send_data = input("send:")
            ssl_client.sendall(send_data.encode())
            recv_data = ssl_client.recv(1024)
            # an empty read means the server closed the connection
            if not recv_data:
                break
            print("recv:%s" % recv_data)


if __name__ == '__main__':
    print('ssl ver: {}'.format(ssl.OPENSSL_VERSION))
    try:
        sslClient(sys.argv[1], int(sys.argv[2]))
    except KeyboardInterrupt:
        print('client exit')
```
References: Official documentation: https://docs.python.org/3 […]
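Using certificates from a Java program
The Java code below all comes from an expert on IBM's official site; it is borrowed here only to test whether the certificates we generated work. First, we have the following certificates: Client.p12 - client-side keystore, does not contain the CA certificate, generated with openssl ClientTrust.p12 - client-side trusted keystore, with only the Server's certificate imported, generated with keytool Client_wc.p12 - client-side keys […]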
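Using a Let's Encrypt SSL certificate
A while ago, in order to log in securely from the public internet, I added an SSL certificate to the blog, trying both a self-generated certificate and the free one offered by StartCom. They were barely usable, but the good times did not last: because of its connection with WoSign, StartCom's certificates were rejected by browsers. Later I saw in my WeChat Moments the Let's Encrypt project, launched jointly by Mozilla, Cisco and other vendors, so today I applied for a Let's Encrypt certificate to try it out. Although Let's Encrypt has an official web […]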
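Enabling SSL on Apache installed via yum: a walkthrough
Environment: CentOS, with Apache installed via yum. Drawing on tutorials found online: first, download and install openssl; either Windows or Linux should work. This walkthrough generates the certificate on Windows as the example. First, in openssl's bin directory, create a plain-text configuration file, for example openssl.cfg, with content entered as follows: [req] distinguished_name = req_distinguished_name req_e […]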