google-chrome - ECC 证书在 Chrome 中不起作用？

Question

我正在尝试将 HAProxy 配置为根据客户端的浏览器提供 RSA 或 ECC 证书。我最初尝试配置 ECC 证书，但我注意到最新版本的 Chrome 不支持它们。想知道是否还有其他人遇到此问题？我正在使用具有以下版本的 OS X 10.11.4:

• Chrome (50.0.2661.94)(64 位)[不起作用]
• Firefox (46.0)(64 位)[有效]
• Safari (9.1 11601.5.17.1)(64 位)[有效]
• cURL (7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5) [有效]

我通过 curl --ciphers ecdhe_ecdsa_aes_128_sha --ssl --head --tlsv1.2 https://<url> 调用的 cURL 命令并返回 200 OK。

我在服务器端使用 Ubuntu Xenial 16.04 LTS，版本如下:

[root@haproxy-server]: /etc/haproxy # haproxy -vv
HA-Proxy version 1.6.4 2016/03/13
Copyright 2000-2016 Willy Tarreau <willy@haproxy.org>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
  OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g-fips  1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.38 2015-11-23
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

这是确切问题的屏幕截图:http://imgur.com/wlmQbIi

这是使用 Safari 的同一网站的屏幕截图:http://imgur.com/FEwmmj9

最后，我的 haproxy.cfg文件:

global
    log /dev/log    local0
    log /dev/log    local1 notice
    user haproxy
    group haproxy
    chroot  /var/lib/haproxy
    daemon
    stats socket /run/haproxy/admin.sock level admin
    maxconn 15000
    spread-checks 5
    tune.ssl.default-dh-param   2048
    tune.ssl.maxrecord  1400
    tune.idletimer  1000

    ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

    ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

    ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets

defaults
    log global
    mode http
    retries 3
    balance roundrobin
    hash-type map-based
    option  httplog
    option  dontlognull
    option  forwardfor
    option  http-server-close
    option  redispatch
    option  abortonclose
    log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          30s
    timeout http-keep-alive 10s
    timeout check           10s
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http

frontend http-frontend
    bind    *:80 accept-proxy
    reqadd  X-Forwarded-Proto:\ http
    use_backend %[req.hdr(host),lower,map_sub(/etc/haproxy/backend.map,test-backend)]

frontend https-frontend
    bind    *:443 accept-proxy ssl crt /etc/ssl/pem/ecc alpn http/1.1
    log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc\ %[ssl_fc_sni]\ %[ssl_fc_npn]
    rspadd  Strict-Transport-Security:\ max-age=31536000;\ includeSubdomains;\ preload
    rspadd  X-Frame-Options:\ DENY
    reqadd  X-Forwarded-Proto:\ https
    use_backend %[req.hdr(host),lower,map_sub(/etc/haproxy/backend.map,test-backend)]

backend test-backend
    balance leastconn
    redirect scheme https code 301 if !{ ssl_fc }
    server test-server 10.10.10.40:80 check

Answer 1

我知道这篇文章不在 StackExchange 的正确部分(抱歉!)，但我想发布一个潜在的解决方案。我认为问题在于 Chrome、Firefox 和 Safari 对椭圆曲线的支持。来自 SSLLabs 网站:

Safari 9 / OS X 10.11 : secp256r1, secp384r1, secp521r1

Firefox 44 / OS X : secp256r1, secp384r1, secp521r1

Chrome 48 / OS X : secp256r1, secp384r1

问题是我正在测试的 ECC 证书的私钥是使用 secp521r1 ( http://imgur.com/dbrJQuW ) 生成的，OS X 10.11 上的最新版本的 Chrome 不支持。

查看本期:https://security.stackexchange.com/questions/100991/why-is-secp521r1-no-longer-supported-in-chrome-others