mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-06-27 15:43:42 +08:00
Update TLS help message
This commit is contained in:
Zhi Guan
@@ -763,9 +763,11 @@ if(ENABLE_TLS AND NOT WIN32)
|
||||
add_test(NAME tlcp_sm4_gcm_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_gcm_sni -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
||||
add_test(NAME tlcp_sm4_cbc_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_cbc_sni -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
||||
add_test(NAME tlcp_sm4_gcm_client_cert COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tlcp_sm4_gcm_client_cert -P "${CMAKE_SOURCE_DIR}/cmake/tlcp_commands.cmake")
|
||||
add_test(NAME tls12_sm4_cbc COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_cbc -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||
add_test(NAME tls12_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||
add_test(NAME tls13_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||
add_test(NAME tls12_sm4_gcm_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_gcm_sni -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||
add_test(NAME tls12_sm4_cbc_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_cbc_sni -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||
add_test(NAME tls12_sm4_gcm_client_cert COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls12_sm4_gcm_client_cert -P "${CMAKE_SOURCE_DIR}/cmake/tls12_commands.cmake")
|
||||
add_test(NAME tls13_sm4_gcm_sni COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_sm4_gcm_sni -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||
add_test(NAME tls13_sm4_gcm_client_cert COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_sm4_gcm_client_cert -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||
add_test(NAME tls13_hrr_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_hrr_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||
add_test(NAME tls13_psk_dhe_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_psk_dhe_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||
add_test(NAME tls13_psk_only_sm4_gcm COMMAND ${CMAKE_COMMAND} -DTEST_CASE=tls13_psk_only_sm4_gcm -P "${CMAKE_SOURCE_DIR}/cmake/tls13_commands.cmake")
|
||||
@@ -774,9 +776,11 @@ if(ENABLE_TLS AND NOT WIN32)
|
||||
tlcp_sm4_gcm_sni
|
||||
tlcp_sm4_cbc_sni
|
||||
tlcp_sm4_gcm_client_cert
|
||||
tls12_sm4_cbc
|
||||
tls12_sm4_gcm
|
||||
tls13_sm4_gcm
|
||||
tls12_sm4_gcm_sni
|
||||
tls12_sm4_cbc_sni
|
||||
tls12_sm4_gcm_client_cert
|
||||
tls13_sm4_gcm_sni
|
||||
tls13_sm4_gcm_client_cert
|
||||
tls13_hrr_sm4_gcm
|
||||
tls13_psk_dhe_sm4_gcm
|
||||
tls13_psk_only_sm4_gcm
|
||||
@@ -827,7 +831,7 @@ endif()
|
||||
#
|
||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1113")
|
||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1114")
|
||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||
include(CPack)
|
||||
|
||||
@@ -3,43 +3,66 @@ include("${CMAKE_CURRENT_LIST_DIR}/tls_command_test.cmake")
|
||||
gmssl_require_file(sm2_root_ca_cert.pem)
|
||||
gmssl_require_file(sm2_tls_server_certs.pem)
|
||||
gmssl_require_file(sm2_tls_server_key.pem)
|
||||
gmssl_require_file(sm2_tls_client_certs.pem)
|
||||
gmssl_require_file(sm2_tls_client_key.pem)
|
||||
|
||||
if(NOT DEFINED TEST_CASE)
|
||||
set(TEST_CASE tls12_sm4_cbc)
|
||||
set(TEST_CASE tls12_sm4_gcm_sni)
|
||||
endif()
|
||||
|
||||
if(TEST_CASE STREQUAL tls12_sm4_cbc)
|
||||
set(TEST_NAME tls12_sm4_cbc)
|
||||
set(TEST_PORT 4432)
|
||||
set(TEST_CIPHER_SUITE TLS_ECDHE_SM4_CBC_SM3)
|
||||
elseif(TEST_CASE STREQUAL tls12_sm4_gcm)
|
||||
set(TEST_NAME tls12_sm4_gcm)
|
||||
if(TEST_CASE STREQUAL tls12_sm4_gcm_sni)
|
||||
set(TEST_NAME tls12_sm4_gcm_sni)
|
||||
set(TEST_PORT 4434)
|
||||
set(TEST_CIPHER_SUITE TLS_ECDHE_SM4_GCM_SM3)
|
||||
set(TEST_CLIENT_CERT OFF)
|
||||
elseif(TEST_CASE STREQUAL tls12_sm4_cbc_sni)
|
||||
set(TEST_NAME tls12_sm4_cbc_sni)
|
||||
set(TEST_PORT 4432)
|
||||
set(TEST_CIPHER_SUITE TLS_ECDHE_SM4_CBC_SM3)
|
||||
set(TEST_CLIENT_CERT OFF)
|
||||
elseif(TEST_CASE STREQUAL tls12_sm4_gcm_client_cert)
|
||||
set(TEST_NAME tls12_sm4_gcm_client_cert)
|
||||
set(TEST_PORT 4438)
|
||||
set(TEST_CIPHER_SUITE TLS_ECDHE_SM4_GCM_SM3)
|
||||
set(TEST_CLIENT_CERT ON)
|
||||
else()
|
||||
message(FATAL_ERROR "unknown TLS 1.2 test case: ${TEST_CASE}")
|
||||
endif()
|
||||
|
||||
set(TEST_SERVER_ARGS
|
||||
tls12_server
|
||||
-port ${TEST_PORT}
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd)
|
||||
|
||||
set(TEST_CLIENT_ARGS
|
||||
tls12_client
|
||||
-host 127.0.0.1
|
||||
-port ${TEST_PORT}
|
||||
-server_name localhost
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
-in ${TEST_NAME}_message.txt)
|
||||
|
||||
if(TEST_CLIENT_CERT)
|
||||
list(APPEND TEST_SERVER_ARGS
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cert_request)
|
||||
list(APPEND TEST_CLIENT_ARGS
|
||||
-cert sm2_tls_client_certs.pem
|
||||
-key sm2_tls_client_key.pem
|
||||
-pass P@ssw0rd)
|
||||
endif()
|
||||
|
||||
gmssl_run_tls_command_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
SERVER_ARGS
|
||||
tls12_server
|
||||
-port ${TEST_PORT}
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
CLIENT_ARGS
|
||||
tls12_client
|
||||
-host 127.0.0.1
|
||||
-port ${TEST_PORT}
|
||||
-server_name localhost
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite ${TEST_CIPHER_SUITE}
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
-in ${TEST_NAME}_message.txt
|
||||
SERVER_ARGS ${TEST_SERVER_ARGS}
|
||||
CLIENT_ARGS ${TEST_CLIENT_ARGS}
|
||||
)
|
||||
|
||||
@@ -3,36 +3,62 @@ include("${CMAKE_CURRENT_LIST_DIR}/tls_command_test.cmake")
|
||||
gmssl_require_file(sm2_root_ca_cert.pem)
|
||||
gmssl_require_file(sm2_tls_server_certs.pem)
|
||||
gmssl_require_file(sm2_tls_server_key.pem)
|
||||
gmssl_require_file(sm2_tls_client_certs.pem)
|
||||
gmssl_require_file(sm2_tls_client_key.pem)
|
||||
|
||||
set(TLS13_PSK 1122334455667788112233445566778811223344556677881122334455667788)
|
||||
|
||||
if(NOT DEFINED TEST_CASE)
|
||||
set(TEST_CASE tls13_sm4_gcm)
|
||||
set(TEST_CASE tls13_sm4_gcm_sni)
|
||||
endif()
|
||||
|
||||
if(TEST_CASE STREQUAL tls13_sm4_gcm)
|
||||
gmssl_run_tls_command_test(
|
||||
TEST_NAME tls13_sm4_gcm
|
||||
PORT 4433
|
||||
SERVER_ARGS
|
||||
tls13_server
|
||||
-port 4433
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
CLIENT_ARGS
|
||||
tls13_client
|
||||
-host 127.0.0.1
|
||||
-port 4433
|
||||
-server_name localhost
|
||||
if(TEST_CASE STREQUAL tls13_sm4_gcm_sni)
|
||||
set(TEST_NAME tls13_sm4_gcm_sni)
|
||||
set(TEST_PORT 4433)
|
||||
set(TEST_CLIENT_CERT OFF)
|
||||
elseif(TEST_CASE STREQUAL tls13_sm4_gcm_client_cert)
|
||||
set(TEST_NAME tls13_sm4_gcm_client_cert)
|
||||
set(TEST_PORT 4439)
|
||||
set(TEST_CLIENT_CERT ON)
|
||||
endif()
|
||||
|
||||
if(DEFINED TEST_NAME)
|
||||
set(TEST_SERVER_ARGS
|
||||
tls13_server
|
||||
-port ${TEST_PORT}
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
-cert sm2_tls_server_certs.pem
|
||||
-key sm2_tls_server_key.pem
|
||||
-pass P@ssw0rd)
|
||||
|
||||
set(TEST_CLIENT_ARGS
|
||||
tls13_client
|
||||
-host 127.0.0.1
|
||||
-port ${TEST_PORT}
|
||||
-server_name localhost
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
-in ${TEST_NAME}_message.txt)
|
||||
|
||||
if(TEST_CLIENT_CERT)
|
||||
list(APPEND TEST_SERVER_ARGS
|
||||
-cacert sm2_root_ca_cert.pem
|
||||
-cipher_suite TLS_SM4_GCM_SM3
|
||||
-supported_group sm2p256v1
|
||||
-sig_alg sm2sig_sm3
|
||||
-in tls13_sm4_gcm_message.txt
|
||||
-cert_request)
|
||||
list(APPEND TEST_CLIENT_ARGS
|
||||
-cert sm2_tls_client_certs.pem
|
||||
-key sm2_tls_client_key.pem
|
||||
-pass P@ssw0rd)
|
||||
endif()
|
||||
|
||||
gmssl_run_tls_command_test(
|
||||
TEST_NAME ${TEST_NAME}
|
||||
PORT ${TEST_PORT}
|
||||
SERVER_ARGS ${TEST_SERVER_ARGS}
|
||||
CLIENT_ARGS ${TEST_CLIENT_ARGS}
|
||||
)
|
||||
elseif(TEST_CASE STREQUAL tls13_hrr_sm4_gcm)
|
||||
gmssl_run_tls_command_test(
|
||||
|
||||
@@ -18,7 +18,7 @@ extern "C" {
|
||||
|
||||
|
||||
#define GMSSL_VERSION_NUM 30200
|
||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1113"
|
||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1114"
|
||||
|
||||
int gmssl_version_num(void);
|
||||
const char *gmssl_version_str(void);
|
||||
|
||||
@@ -9,8 +9,8 @@
|
||||
|
||||
"\n"
|
||||
"Supported cipher suites:\n"
|
||||
" TLS_ECC_SM4_GCM_SM3\n"
|
||||
" TLS_ECC_SM4_CBC_SM3\n"
|
||||
" TLS_ECC_SM4_GCM_SM3\n"
|
||||
"\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
|
||||
@@ -8,98 +8,63 @@
|
||||
*/
|
||||
|
||||
"\n"
|
||||
" -cipher_suite options\n"
|
||||
" TLS_ECDHE_SM4_CBC_SM3 TLS 1.2\n"
|
||||
" TLS_ECDHE_SM4_GCM_SM3 TLS 1.2\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS 1.2\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS 1.2\n"
|
||||
"Supported cipher suites:\n"
|
||||
" TLS_ECDHE_SM4_CBC_SM3\n"
|
||||
" TLS_ECDHE_SM4_GCM_SM3\n"
|
||||
#if defined(ENABLE_AES) && defined(ENABLE_SHA2) && defined(ENABLE_SECP256R1)
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n"
|
||||
#ifdef ENABLE_AES_CCM
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CCM\n"
|
||||
#endif
|
||||
#endif
|
||||
"\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
"Build with TLS 1.2, AES, and P-256 enabled\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_root_ca_key.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 Test Root CA\" \\\n"
|
||||
" -days 3650 -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_root_ca_cert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" cmake -S . -B build -DENABLE_TLS=ON -DENABLE_AES=ON -DENABLE_SECP256R1=ON\n"
|
||||
" cmake --build build\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_ca_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS CA\" \\\n"
|
||||
" -key sm2_tls_ca_key.pem -pass P@ssw0rd -out sm2_tls_ca_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_ca_req.pem -days 1825 -key_usage keyCertSign \\\n"
|
||||
" -key_usage cRLSign -path_len_constraint 0 -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_tls_ca_cert.pem -ca\n"
|
||||
"\n"
|
||||
"Generate SM2 certificates for sm2.example.com\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_server_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Server\" \\\n"
|
||||
" -key sm2_tls_server_key.pem -pass P@ssw0rd -out sm2_tls_server_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_server_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -ext_key_usage serverAuth -subject_dns_name localhost -cacert sm2_tls_ca_cert.pem \\\n"
|
||||
" -key sm2_tls_ca_key.pem -pass P@ssw0rd -out sm2_tls_server_cert.pem\n"
|
||||
" cat sm2_tls_server_cert.pem > sm2_tls_server_certs.pem\n"
|
||||
" cat sm2_tls_ca_cert.pem >> sm2_tls_server_certs.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN SM2ROOTCA -days 3650 \\\n"
|
||||
" -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_client_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Client\" \\\n"
|
||||
" -key sm2_tls_client_key.pem -pass P@ssw0rd -out sm2_tls_client_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_client_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -ext_key_usage clientAuth -cacert sm2_tls_ca_cert.pem -key sm2_tls_ca_key.pem \\\n"
|
||||
" -pass P@ssw0rd -out sm2_tls_client_cert.pem\n"
|
||||
" cat sm2_tls_client_cert.pem > sm2_tls_client_certs.pem\n"
|
||||
" cat sm2_tls_ca_cert.pem >> sm2_tls_client_certs.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"SM2 Sub CA\" \\\n"
|
||||
" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
|
||||
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign \\\n"
|
||||
" -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 \\\n"
|
||||
" -ca -path_len_constraint 0 -out sm2cacert.pem\n"
|
||||
" printf 'hello tls12\\n' > message.txt\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN sm2.example.com \\\n"
|
||||
" -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
|
||||
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 \\\n"
|
||||
" -subject_dns_name sm2.example.com -out sm2signcert.pem\n"
|
||||
" gmssl tls12_server -port 4432 -cert sm2_tls_server_certs.pem -key sm2_tls_server_key.pem -pass P@ssw0rd \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4432 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -in message.txt\n"
|
||||
"\n"
|
||||
" cat sm2signcert.pem > sm2certs.pem\n"
|
||||
" cat sm2cacert.pem >> sm2certs.pem\n"
|
||||
"\n"
|
||||
"Generate P-256 certificates for p256.example.com\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256rootcakey.pem -export p256rootcakey.exp\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 \\\n"
|
||||
" -key p256rootcakey.pem -pass 1234 -out p256rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256cakey.pem -export p256cakey.exp\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"P256 Sub CA\" \\\n"
|
||||
" -key p256cakey.pem -pass 1234 -out p256careq.pem\n"
|
||||
" gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign \\\n"
|
||||
" -cacert p256rootcacert.pem -key p256rootcakey.pem -pass 1234 \\\n"
|
||||
" -ca -path_len_constraint 0 -out p256cacert.pem\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256signkey.pem -export p256signkey.exp\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN p256.example.com \\\n"
|
||||
" -key p256signkey.pem -pass 1234 -out p256signreq.pem\n"
|
||||
" gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -cacert p256cacert.pem -key p256cakey.pem -pass 1234 \\\n"
|
||||
" -subject_dns_name p256.example.com -out p256signcert.pem\n"
|
||||
"\n"
|
||||
" cat p256signcert.pem > p256certs.pem\n"
|
||||
" cat p256cacert.pem >> p256certs.pem\n"
|
||||
"\n"
|
||||
" cat sm2rootcacert.pem > rootcacerts.pem\n"
|
||||
" cat p256rootcacert.pem >> rootcacerts.pem\n"
|
||||
"\n"
|
||||
"TLS 1.2 server with two certificate chains selected by SNI\n"
|
||||
"\n"
|
||||
" gmssl tls12_server -port 4430 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
|
||||
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
"TLS 1.2 clients with SNI\n"
|
||||
"\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name sm2.example.com \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cacert rootcacerts.pem\n"
|
||||
"\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name p256.example.com \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
|
||||
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cacert rootcacerts.pem\n"
|
||||
"\n"
|
||||
" gmssl tls12_server -port 4430 -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -cert p256certs.pem -key p256signkey.pem -pass 1234 \\\n"
|
||||
" -cacert p256cacert.pem -verbose -cert_request\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert p256signcert.pem -key p256signkey.pem -pass 1234 -cacert p256rootcacert.pem -verbose\n"
|
||||
" gmssl tls12_server -port 4438 -cert sm2_tls_server_certs.pem -key sm2_tls_server_key.pem -pass P@ssw0rd \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cacert sm2_root_ca_cert.pem -cert_request\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4438 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -cipher_suite TLS_ECDHE_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert sm2_tls_client_certs.pem -key sm2_tls_client_key.pem -pass P@ssw0rd \\\n"
|
||||
" -in message.txt\n"
|
||||
"\n"
|
||||
|
||||
@@ -1,202 +1,62 @@
|
||||
"\n"
|
||||
" -cipher_suite options\n"
|
||||
" TLS_SM4_GCM_SM3 TLS 1.3\n"
|
||||
" TLS_AES_128_GCM_SHA256 TLS 1.3\n"
|
||||
" TLS_ECC_SM4_CBC_SM3 TLCP\n"
|
||||
" TLS_ECDHE_SM4_CBC_SM3 TLCP TLS 1.2\n"
|
||||
" TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS 1.2\n"
|
||||
"Supported cipher suites:\n"
|
||||
" TLS_SM4_GCM_SM3\n"
|
||||
#ifdef ENABLE_SM4_CCM
|
||||
" TLS_SM4_CCM_SM3\n"
|
||||
#endif
|
||||
#if defined(ENABLE_AES) && defined(ENABLE_SHA2)
|
||||
" TLS_AES_128_GCM_SHA256\n"
|
||||
#ifdef ENABLE_AES_CCM
|
||||
" TLS_AES_128_CCM_SHA256\n"
|
||||
#endif
|
||||
#endif
|
||||
"\n"
|
||||
" -supported_group options\n"
|
||||
" sm2p256v1\n"
|
||||
" prime256v1\n"
|
||||
"\n"
|
||||
" -sig_alg options\n"
|
||||
" sm2sig_sm3\n"
|
||||
" ecdsa_secp256r1_sha256\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
"Generate SM2 certificates\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_root_ca_key.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 Test Root CA\" \\\n"
|
||||
" -days 3650 -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_root_ca_cert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \\\n"
|
||||
" -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_ca_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS CA\" \\\n"
|
||||
" -key sm2_tls_ca_key.pem -pass P@ssw0rd -out sm2_tls_ca_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_ca_req.pem -days 1825 -key_usage keyCertSign \\\n"
|
||||
" -key_usage cRLSign -path_len_constraint 0 -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -key sm2_root_ca_key.pem -pass P@ssw0rd -out sm2_tls_ca_cert.pem -ca\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" \\\n"
|
||||
" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
|
||||
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign \\\n"
|
||||
" -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 \\\n"
|
||||
" -ca -path_len_constraint 0 \\\n"
|
||||
" -out sm2cacert.pem\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_server_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Server\" \\\n"
|
||||
" -key sm2_tls_server_key.pem -pass P@ssw0rd -out sm2_tls_server_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_server_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -ext_key_usage serverAuth -subject_dns_name localhost -cacert sm2_tls_ca_cert.pem \\\n"
|
||||
" -key sm2_tls_ca_key.pem -pass P@ssw0rd -out sm2_tls_server_cert.pem\n"
|
||||
" cat sm2_tls_server_cert.pem > sm2_tls_server_certs.pem\n"
|
||||
" cat sm2_tls_ca_cert.pem >> sm2_tls_server_certs.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost \\\n"
|
||||
" -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
|
||||
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 \\\n"
|
||||
" -out sm2signcert.pem\n"
|
||||
" gmssl sm2keygen -pass P@ssw0rd -out sm2_tls_client_key.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O GmSSL -OU Test -CN \"GmSSL SM2 TLS Client\" \\\n"
|
||||
" -key sm2_tls_client_key.pem -pass P@ssw0rd -out sm2_tls_client_req.pem\n"
|
||||
" gmssl reqsign -in sm2_tls_client_req.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -ext_key_usage clientAuth -cacert sm2_tls_ca_cert.pem -key sm2_tls_ca_key.pem \\\n"
|
||||
" -pass P@ssw0rd -out sm2_tls_client_cert.pem\n"
|
||||
" cat sm2_tls_client_cert.pem > sm2_tls_client_certs.pem\n"
|
||||
" cat sm2_tls_ca_cert.pem >> sm2_tls_client_certs.pem\n"
|
||||
"\n"
|
||||
" cat sm2signcert.pem > sm2certs.pem\n"
|
||||
" cat sm2cacert.pem >> sm2certs.pem\n"
|
||||
" printf 'hello tls13\\n' > message.txt\n"
|
||||
"\n"
|
||||
"TLS 1.3 with TLS_SM4_GCM_SM3 cipher suite\n"
|
||||
" gmssl tls13_server -port 4433 -cert sm2_tls_server_certs.pem -key sm2_tls_server_key.pem -pass P@ssw0rd \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4433 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -in message.txt\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3\n"
|
||||
" gmssl tls13_server -port 4439 -cert sm2_tls_server_certs.pem -key sm2_tls_server_key.pem -pass P@ssw0rd \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cacert sm2_root_ca_cert.pem -cert_request\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4439 -server_name localhost -cacert sm2_root_ca_cert.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert sm2_tls_client_certs.pem -key sm2_tls_client_key.pem -pass P@ssw0rd \\\n"
|
||||
" -in message.txt\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert sm2rootcacert.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3\n"
|
||||
"\n"
|
||||
"Generate P-256 certificates\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256rootcakey.pem -export p256rootcakey.exp\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 \\\n"
|
||||
" -key p256rootcakey.pem -pass 1234 -out p256rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256cakey.pem -export p256cakey.exp\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"P256 Sub CA\" \\\n"
|
||||
" -key p256cakey.pem -pass 1234 -out p256careq.pem\n"
|
||||
" gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign \\\n"
|
||||
" -cacert p256rootcacert.pem -key p256rootcakey.pem -pass 1234 \\\n"
|
||||
" -ca -path_len_constraint 0 \\\n"
|
||||
" -out p256cacert.pem\n"
|
||||
"\n"
|
||||
" gmssl p256keygen -pass 1234 -out p256signkey.pem -export p256signkey.exp\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN 127.0.0.1 \\\n"
|
||||
" -key p256signkey.pem -pass 1234 -out p256signreq.pem\n"
|
||||
" gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature \\\n"
|
||||
" -cacert p256cacert.pem -key p256cakey.pem -pass 1234 \\\n"
|
||||
" -subject_dns_name 127.0.0.1 \\\n"
|
||||
" -out p256signcert.pem\n"
|
||||
"\n"
|
||||
" cat p256signcert.pem > p256certs.pem\n"
|
||||
" cat p256cacert.pem >> p256certs.pem\n"
|
||||
"\n"
|
||||
" cat sm2rootcacert.pem > rootcacerts.pem\n"
|
||||
" cat p256rootcacert.pem >> rootcacerts.pem\n"
|
||||
"\n"
|
||||
"TLS 1.3 with TLS_AES_128_GCM_SHA256\n"
|
||||
" gmssl tls13_server -port 4430 \\\n"
|
||||
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacerts.pem \\\n"
|
||||
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256\n"
|
||||
"\n"
|
||||
" add `SSL_CTX_clear_options(ctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);` to openssl apps/s_server.c\n"
|
||||
" add `SSL_CTX_clear_options(ctx, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);` to openssl apps/s_client.c\n"
|
||||
"\n"
|
||||
" /usr/local/bin/openssl s_server -accept 4430 -cert p256signcert.pem -cert_chain p256cacert.pem -key p256signkey.exp \\\n"
|
||||
" -tls1_3 -ciphersuites TLS_AES_128_GCM_SHA256 -named_curve prime256v1 \\\n"
|
||||
" -trace\n"
|
||||
"\n"
|
||||
" /usr/local/bin/openssl s_client -connect 127.0.0.1:4430 -tls1_3 -CAfile p256rootcacert.pem -groups prime256v1 -trace\n"
|
||||
"\n"
|
||||
"TLS 1.3 SNI\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacerts.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -server_name 127.0.0.1\n"
|
||||
"\n"
|
||||
"HelloRetryRequest\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacerts.pem \\\n"
|
||||
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -max_key_exchanges 1 # or -max_key_exchanges 0 \n"
|
||||
"\n"
|
||||
"ClientHello with OCSP request, CT, and other extensions\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -cipher_suite TLS_AES_128_GCM_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
|
||||
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacerts.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -cipher_suite TLS_AES_128_GCM_SHA256 \\\n"
|
||||
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
|
||||
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
|
||||
" -max_key_exchanges 2 \\\n"
|
||||
" -server_name 127.0.0.1 \\\n"
|
||||
" -signature_algorithms_cert \\\n"
|
||||
" -status_request \\\n"
|
||||
" -post_handshake_auth \\\n"
|
||||
" -ct\n"
|
||||
"\n"
|
||||
"NewSessionTicket\n"
|
||||
"\n"
|
||||
" TICKET_KEY=11223344556677881122334455667788\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -new_session_ticket 2 -ticket_key $TICKET_KEY\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacerts.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -sess_out session.bin\n"
|
||||
"\n"
|
||||
"PSK-DHE from session ticket\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 \\\n"
|
||||
" -psk_dhe_ke -ticket_key $TICKET_KEY\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 \\\n"
|
||||
" -psk_dhe_ke -sess_in session.bin\n"
|
||||
"\n"
|
||||
"PSK-DHE/PSK from external\n"
|
||||
"\n"
|
||||
" PSK=1122334455667788112233445566778811223344556677881122334455667788\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 \\\n"
|
||||
" -supported_group sm2p256v1 -psk_dhe_ke \\\n"
|
||||
" -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 \\\n"
|
||||
" -supported_group sm2p256v1 -psk_dhe_ke \\\n"
|
||||
" -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 \\\n"
|
||||
" -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 \\\n"
|
||||
" -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK\n"
|
||||
"\n"
|
||||
"EarlyData (0-RTT)\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cipher_suite TLS_SM4_GCM_SM3 \\\n"
|
||||
" -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK \\\n"
|
||||
" -early_data\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_SM4_GCM_SM3 \\\n"
|
||||
" -psk_ke -psk_identity 001 -psk_cipher_suite TLS_SM4_GCM_SM3 -psk_key $PSK \\\n"
|
||||
" -early_data early_data.txt\n"
|
||||
"\n"
|
||||
"CertificateRequest\n"
|
||||
"\n"
|
||||
" gmssl tls13_server -port 4430 -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert_request -cacert sm2rootcacert.pem\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert sm2rootcacert.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
|
||||
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234\n"
|
||||
"\n"
|
||||
"CertificateRequest without CertificateVerify\n"
|
||||
"\n"
|
||||
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert sm2rootcacert.pem \\\n"
|
||||
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3\n"
|
||||
|
||||
Reference in New Issue
Block a user