问题
I am new to OpenSSL and have theoretical information in SSL protocol . I have task to create a certificate who uses RSA algorithm for symmetric session key exchange and use my own my encryption algorithm called FooSymmetricAlgorithm
for symmetric session key. I need a way to tell the browser and web server to use FooSymmetricAlgorithm
as symmetric algorithm. I know I can import my root certificate to browser but I think that does not mean I can add my encryption algorithm to browser. My problem is that how I can tell the browser to use FooSymmetricAlgorithm
for session key and encryption. It does not difference between browser. It is suffice to have an browser and I will use it just for test purpose.
I want to know that is there any way when I send digital certificate to browser, the browser forced to use my FooSymmetricAlgorithm
for encrypting data? I mean is there any way to add my algorithm to browser?
回答1:
My problem is that how I can tell the browser to use FooSymmetricAlgorithm for session key and encryption.
You have to add your own cipher suite to the browser, which means changes to the source code in NSS (Chrome, Firefox). Then you have to make changes to the TLS stack used by the server and add the cipher suite there. For details how to do this see the implementation of the existing cipher suites in OpenSSL and/or NSS. Since the cipher suite is not IANA assigned you have to use one of the cipher-ids marked for private use.
If everything is done correctly the browser will announce support for the new cipher suite and the server will use it. But all this process is not as simple as adding a root certificate, that means it involves lots of coding, reading existing source code etc.
来源:https://stackoverflow.com/questions/26672227/how-to-add-our-created-session-encryption-algorithm-to-major-browser-using-ope