Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

从 RFC-6101 看 openssl (1) | 遐想的空中宫殿 #22

Open
skyleaworlder opened this issue Jan 6, 2021 · 2 comments
Open

从 RFC-6101 看 openssl (1) | 遐想的空中宫殿 #22

skyleaworlder opened this issue Jan 6, 2021 · 2 comments
Labels
75e168b0cc126f2ab2552c1f71fd7cf4 Gitalk

Comments

@skyleaworlder
Copy link
Owner

https://skyleaworlder.github.io/2021/01/05/openssl-replay-1/

期末,怎么办一个学期就要过去了,信安原理自然是有期末考试的。 我是觉得难,第一是因为自己没基础。一个学期过去了自己还是什么都不知道,除了感慨自己太懒散之外,也没有什么好说的。埋怨也埋怨不了别人。 期末考试对我来说是困难的,极其困难的。下面是往届信安原理考试的一道题目: 分析 SSL 防重放攻击的安全机制,并比较分析其与 ipsec 反重放机制的主要异同点。 正常人第一感觉想来肯定是,哦,也不是
@DarkKowalski
Copy link

可以参考下讲 TLS 1.3 的 RFC8446 section-8.2,里面有这么一段话

An alternative form of anti-replay is to record a unique value
derived from the ClientHello (generally either the random value or
the PSK binder) and reject duplicates.

大概老师也分不清 SSL 和 TLS 的 114514 个版本吧

@skyleaworlder
Copy link
Owner Author

可以参考下讲 TLS 1.3 的 RFC8446 section-8.2,里面有这么一段话

An alternative form of anti-replay is to record a unique value
derived from the ClientHello (generally either the random value or
the PSK binder) and reject duplicates.

大概老师也分不清 SSL 和 TLS 的 114514 个版本吧

啊……谢谢大佬。是这样啊,吐了。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
75e168b0cc126f2ab2552c1f71fd7cf4 Gitalk
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DarkKowalski @skyleaworlder