compotible with 360 browser #21
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
360 browser sent two TLCP ciphersuites(0xe013 and 0xe053) in tls clienthello's ciphersuites to indicate that it support TLCP protocol
|
360浏览器连接网站时,先发送tls(clienthello里加0xe013和0xe053这俩国密套件声明自己支持国密协议)连服务器,如果服务器只支持国密(只配置了国密证书的情况),返回握手失败,360浏览器再发送国密协议尝试用国密连接。但如果服务器即配置了国密证书,又配置了rsa证书,在360浏览器第一次发送tls连接的时候,将返回tls协议,造成无法优先选用国密协议。 |
|
客户端使用标准的TLS client hello + TLCP cipher suites发起请求,服务端使用TLCP协议完成握手,有点类似于TLS的降级方式。但这种流程似乎不完全符合TLCP协议 |
|
是的。这个根本原因还是协议version的问题。tls的0x0303和tlcp的0x0101从根本上无法兼容。只能做一些特殊处理了。在实际应用中,如果服务端配置了国密证书,那么其初衷应该也是希望默认能支持国密的客户端用国密协议来通信的,而tls是留给不支持国密协议的客户端的。这个patch在实际使用中还是有应用场景的。 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
360 browser sent two TLCP ciphersuites(0xe013 and 0xe053) in
tls clienthello's ciphersuites to indicate that it support TLCP
protocol