openssl cookbook

1，想让自己网站支持ssl，需要有以下步骤：

生成私钥

创建CSR（Certificate Signing Request），发送到CA

使用CA返回的证书

2，生成私钥

生成ecdsa私钥

openssl ecparam -genkey -name secp256r1|openssl ec -out ec.key -aes128

生成rsa私钥

openssl genrsa -aes128 -out fd.key 2048

3，创建CSR

openssl req -new -key ec.key -out ec.csr

openssl req -new -key fd.key -out fd.csr

创建过程中需要输入一些信息。

A challenge password []:.

An optional company name []:.

这两项可以直接输入"."，这里的password基本没有什么用，也与加密无关，可以忽略。

将CSR发送给CA，生成证书。

也可以自己来生成证书，用作测试，别人是不会认可的^_^

openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt

默认情况下，上面方法产生的证书只能给一个域名使用，当要给多个域名使用时，可以考虑通配符，比如 *.example.com

可以创建 fd.ext 文件，写入如下内容：

subjectAltName = DNS:*.example.com, DNS:example.com

然后生成证书时，使用命令

openssl x509 -req -days 365 -in fd.csr -signkey fd.key -out fd.crt -extfile fd.ext

这样生成的证书就能够被*.example.com使用，并且可以从证书中看到如下扩展信息：

X509v3 extensions:

X509v3 Subject Alternative Name:

DNS:*.example.com, DNS:example.com

CA签发的证书还包含其他的扩展。

a，CRL

Certificate Revocation List (CRL)  are CA-signed lists of revoked certificates, published at regular time intervals (e.g., seven days).

b，CPS

Certificate Policy Statement (CPS) points, which are usually web pages or PDF documents

c，AIA

包含两部分：

OCSP：Online Certificate Status Protocol 地址，用于实时检测证书的有效性

签发者的证书地址（签发者如果不是根CA的话，就必须要有上一级CA给签发的证书）

d，Subject Key &Authority Key Identifier

用于建立证书链。证书的Authority Key必须和签发者证书的Subject Key一致，这样客户端就能够根据两个key建立两个证书的签发关系。

证书和key的格式

DER格式：

使用DER ASN.1编码的raw格式

PEM格式：

使用base64编码的DER格式，同时包含一些其他信息，比如

PEM证书：

-----BEGIN CERTIFICATE-----

base64(DER)

-----END CERTIFICATE-----

PEM key:

base64(DER key)

cipher suites 的选择

1，openssl ciphers 命令，用来测试支持的cipher suites，支持各种查询条件：

a，获取当前openssl支持的cipher suites

openssl ciphers -v 'ALL:COMPLEMENTOFALL'

openssl ciphers -v 'aECDSA:!RC4:!DES'

一些考虑：

1. Use only strong ciphers of 128 effective bits and up (this excludes 3DES).

2. Use only suites that provide strong authentication (this excludes anonymous and ex-

port suites).

3. Do not use any suites that rely on weak primitives (e.g., MD5).

4. Implement robust support for forward secrecy, no matter what keys and protocols are

used. With this requirement comes a slight performance penalty, because I won’t be

able to use the fast RSA key exchange. I’ll minimize the penalty by prioritizing ECD-

HE, which is substantially faster than DHE.

5. Prefer ECDSA over RSA. This requirement makes sense only in dual-key deployments,

in which we want to use the faster ECDSA operations wherever possible, but fall back

to RSA when talking to clients that do not yet support ECDSA.

6. With TLS 1.2 clients, prefer AES GCM suites, which provide the best security TLS can

offer.

7. Because RC4 was recently found to be weaker than previously thought, 11 we want to

push it to the end of the list. That’s almost as good as disabling it. Although BEAST

might still be a problem in some situations, I’ll assume that it’s been mitigated client-

side.

The weak suites can be identified with the following cipher strings:

• aNULL ; no authentication

• eNULL ; no encryption

• LOW ; low-strength suites

• 3DES ; effective strength of 108 bits

• MD5 ; suites that use MD5

• EXP ; obsolete export suites

!DSS !PSK !SRP： obsolete  suites

!CAMELLIA !IDEA !SEED：obsolete suites

推荐的cipher suites（强安全性+高性能）

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-ECDSA-CHACHA20-POLY1305 (openssl 1.1以上版本)

ECDHE-ECDSA-AES256-GCM-SHA384

ECDHE-ECDSA-AES128-SHA

ECDHE-ECDSA-AES256-SHA

ECDHE-ECDSA-AES128-SHA256

ECDHE-ECDSA-AES256-SHA384

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-RSA-CHACHA20-POLY1305 (openssl 1.1以上版本)

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-RSA-AES128-SHA

ECDHE-RSA-AES256-SHA

ECDHE-RSA-AES128-SHA256

ECDHE-RSA-AES256-SHA384

DHE-RSA-AES128-GCM-SHA256

DHE-RSA-AES256-GCM-SHA384

DHE-RSA-AES128-SHA

DHE-RSA-AES256-SHA

DHE-RSA-AES128-SHA256

DHE-RSA-AES256-SHA256

下面的用于支持老旧客户端，tls1.0，tls1.1：

EDH-RSA-DES-CBC3-SHA

AES128-SHA

AES256-SHA

DES-CBC3-SHA

ECDHE-RSA-RC4-SHA

RC4-SHA

下面是TLS1.3

TLS13-AES-256-GCM-SHA384 

TLS13-CHACHA20-POLY1305-SHA256 

TLS13-AES-128-GCM-SHA256 

TLS13-AES-128-CCM-8-SHA256 

TLS13-AES-128-CCM-SHA256

测试速度

openssl speed xxx （xxx是待测试的任何东西）

openssl speed -multi n(n是能够使用的cpu核数) xxx   

openssl speed -evp （evp 启动硬件加速）aes-128-cbc