sslscan产生以下输出(为了本问题的目的而被截断):
Supported Server Cipher(s):
SSL_connect() returned: 1
Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253
SSL_connect() returned: 1
Preferred TLSv1.2 256 bits ECDHE-ECDSA-AES256-GCM-SHA384 Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-CCM8 Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-CCM Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ADH-AES256-GCM-SHA384 DHE 3072 bits
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-SHA384 Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ECDHE-ECDSA-CAMELLIA256-SHA384 Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ADH-AES256-SHA256 DHE 3072 bits
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ADH-CAMELLIA256-SHA256 DHE 3072 bits
SSL_connect() returned: 1
Accepted TLSv1.2 128 bits ECDHE-ECDSA-CAMELLIA128-SHA256 Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ECDHE-ECDSA-AES256-SHA Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits AECDH-AES256-SHA Curve 25519 DHE 253
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ADH-AES256-SHA DHE 3072 bits
SSL_connect() returned: 1
Accepted TLSv1.2 256 bits ADH-CAMELLIA256-SHA DHE 3072 bits
Server Key Exchange Group(s):
TLSv1.3 128 bits secp256r1 (NIST P-256)
TLSv1.3 192 bits secp384r1 (NIST P-384)
TLSv1.3 260 bits secp521r1 (NIST P-521)
TLSv1.3 128 bits x25519
TLSv1.3 224 bits x448
TLSv1.3 112 bits ffdhe2048
TLSv1.3 128 bits ffdhe3072
TLSv1.2 192 bits secp384r1 (NIST P-384)
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
ECC Curve Name: secp384r1
ECC Key Strength: 192
在顶部支持的密码列表中,所有使用 ECDH 的密码都使用曲线 25519 进行报告。在底部的密钥交换组列表中,曲线 NIST P-384 是唯一针对 TLS 1.2 列出的曲线。
这个输出应该如何解释?
曲线 25519 是否仅作为上述密码列表中的示例报告,并且服务器是否支持底部的任何曲线和任何密码套件?
理论上,TLS1.2 还支持任何已报告的 DH 密钥交换曲线。为什么只有 NIST P-384 明确列出 TLS 1.2,而所有其他曲线仅与 TLS 1.3 结合使用。这种输出让我感到困惑。