当客户端 Hello 通过 TLSv1.2 发送时,Active Directory 服务器正在发送 RST

当客户端 Hello 通过 TLSv1.2 发送时,Active Directory 服务器正在发送 RST

我遇到了同样的问题绑定某些证书时,服务器收到Client Hello后发送RST当我尝试通过 TLSv1.2 向 AD(Active Directory 服务器)进行身份验证时。Wireshark 捕获与问题中发布的相同。并且“客户端 Hello”使用以下签名算法。

Extension: signature_algorithms
Type: signature_algorithms (0x000d)
Length: 22
Signature Hash Algorithms Length: 20
Signature Hash Algorithms (10 algorithms)
    Signature Hash Algorithm: 0x0603
        Signature Hash Algorithm Hash: SHA512 (6)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Hash Algorithm: 0x0601
        Signature Hash Algorithm Hash: SHA512 (6)
        Signature Hash Algorithm Signature: RSA (1)
    Signature Hash Algorithm: 0x0503
        Signature Hash Algorithm Hash: SHA384 (5)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Hash Algorithm: 0x0501
        Signature Hash Algorithm Hash: SHA384 (5)
        Signature Hash Algorithm Signature: RSA (1)
    Signature Hash Algorithm: 0x0403
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Hash Algorithm: 0x0401
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: RSA (1)
    Signature Hash Algorithm: 0x0402
        Signature Hash Algorithm Hash: SHA256 (4)
        Signature Hash Algorithm Signature: DSA (2)
    Signature Hash Algorithm: 0x0203
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: ECDSA (3)
    Signature Hash Algorithm: 0x0201
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: RSA (1)
    Signature Hash Algorithm: 0x0202
        Signature Hash Algorithm Hash: SHA1 (2)
        Signature Hash Algorithm Signature: DSA (2)

如何查看 Active Directory 服务器上可用的潜在证书列表,这些证书可供 AD 用于 TLSv1.2‘服务器 Hello’?

相关内容