<button id="qvlbh"><button id="qvlbh"></button></button>
<xmp id="qvlbh"><xmp id="qvlbh"><xmp id="qvlbh"><address id="qvlbh"><output id="qvlbh"></output></address>
<xmp id="qvlbh"><legend id="qvlbh"></legend>
<xmp id="qvlbh"> <address id="qvlbh"><output id="qvlbh"></output></address>
<address id="qvlbh"><button id="qvlbh"></button></address>
<button id="qvlbh"><samp id="qvlbh"></samp></button>
<address id="qvlbh"><button id="qvlbh"></button></address><address id="qvlbh"></address>
<address id="qvlbh"><legend id="qvlbh"></legend></address>
<samp id="qvlbh"><xmp id="qvlbh"><legend id="qvlbh"></legend>
中國站
幫助中心 > 安全 > 高防IP > 常見(jiàn)問(wèn)題 > 高防IP如何實(shí)現基于SSL的TCP連接

高防IP如何實(shí)現基于SSL的TCP連接

應用場(chǎng)景

在一般使用中,我們在Web應用中,將SSL證書(shū)用于HTTP協(xié)議或Websocket的訪(fǎng)問(wèn)上。但是TCP服務(wù)SSL使用的不多,本文介紹如何使用高防IP實(shí)現基于SSL的TCP連接,更好地對請求進(jìn)行加密

名詞介紹
單向認證:服務(wù)端不驗證客戶(hù)端證書(shū),只要TCP client使用TCP SSL模式連接即可。
雙向認證:服務(wù)端驗證客戶(hù)端的證書(shū),服務(wù)端需要開(kāi)啟ssl_verify_peer,同時(shí)ssl_client_cert_file添加簽發(fā)客戶(hù)端證書(shū)的根證書(shū)。

操作流程

  1. 在高防IP的非網(wǎng)站防護中,添加TCP的轉發(fā)端口、源端口和源IP。

  2. 在源站服務(wù)器中,建立TCP SSL server。
    以PHP SWOOLE實(shí)現單向認證為例:

    1. <?php
    2. $server = new Swoole\Server('0.0.0.0', 8082,SWOOLE_PROCESS, SWOOLE_SOCK_TCP | SWOOLE_SSL);
    3. $server->set(array(
    4.  'ssl_cert_file'=>'/data/swoole/cert/ssl.pem',
    5.  'ssl_key_file'=>'/data/swoole/cert/ssl.key',
    6. ));
    7. //監聽(tīng)連接進(jìn)入事件
    8. $server->on('Connect', function ($server, $fd) {
    9.  echo "Client: Connect.\n";
    10. });
    11. //監聽(tīng)數據接收事件
    12. $server->on('Receive', function ($server, $fd, $from_id, $data) {
    13. $fd_info = $server->getClientInfo($fd);
    15.  $server->send($fd, "Server: " . $data);
    16. });
    17. //監聽(tīng)連接關(guān)閉事件
    18. $server->on('Close', function ($server, $fd) {
    19.  echo "Client: Close.\n";
    20. });
    21. //啟動(dòng)服務(wù)器
    22. $server->start();
    23. ?>

    以PHP SWOOLE實(shí)現雙向認證為例:

    1. <?php
    2. $server = new Swoole\Server('0.0.0.0', 8082,SWOOLE_PROCESS, SWOOLE_SOCK_TCP | SWOOLE_SSL);
    3. // $server = new Swoole\Server('0.0.0.0', 8082);
    4. $server->set(array(
    5.  'ssl_cert_file'=>'/data/swoole/cert/ssl.pem',//服務(wù)端證書(shū)
    6.  'ssl_key_file'=>'/data/swoole/cert/ssl.key',
    7.  'ssl_verify_peer'       => true,
    8.  'ssl_allow_self_signed' => true,//允許使用自簽證書(shū)
    9.  'ssl_client_cert_file'  =>'/data/swoole/cert/self/ca.crt',//簽發(fā)客戶(hù)端證書(shū)的根證書(shū)
    10. ));
    11. //監聽(tīng)連接進(jìn)入事件
    12. $server->on('Connect', function ($server, $fd) {
    13.  echo "Client: Connect.\n";
    14. });
    15. //監聽(tīng)數據接收事件
    16. $server->on('Receive', function ($server, $fd, $from_id, $data) {
    17. $fd_info = $server->getClientInfo($fd);
    19.  $server->send($fd, "Server: " . $data);
    20. });
    21. //監聽(tīng)連接關(guān)閉事件
    22. $server->on('Close', function ($server, $fd) {
    23.  echo "Client: Close.\n";
    24. });
    25. //啟動(dòng)服務(wù)器
    26. $server->start();
    27. ?>

  3. 建立SSL類(lèi)型的TCP CLIENT。
    以PHP SWOOLE實(shí)現單向認證為例:

    1. <?php
    2. $client = new Swoole\Client(SWOOLE_SOCK_TCP| SWOOLE_SSL);
    3. if (!$client->connect('x.x.x.x', 8082, -1)) {
    4.  exit("connect failed. Error: {$client->errCode}\n");
    5. }
    6. for($i = 0;$i<=10000;$i++){
    7. $client->send("hello world\n");
    8. echo $client->recv();
    9. sleep(2);
    10. }
    11. $client->close();

    以PHP SWOOLE實(shí)現雙向認證為例:

    1. <?php
    2. $client = new Swoole\Client(SWOOLE_SOCK_TCP| SWOOLE_SSL);
    3. $client->set(array(
    4.  'ssl_cert_file'=>'/data/swoole/cert/self/client.crt',//客戶(hù)端證書(shū)
    5.  'ssl_key_file'=>'/data/swoole/cert/self/client.key',
    6.  ));
    7. if (!$client->connect('123.129.219.113', 8082, -1)) {
    8.  exit("connect failed. Error: {$client->errCode}\n");
    9. }
    10. for($i = 0;$i<=10000;$i++){
    11. $client->send("hello world\n");
    12. echo $client->recv();
    13. sleep(2);
    14. }
    15. $client->close();

  4. 也可以使用openssl庫來(lái)作為client。

    1. openssl s_client -connect IP:444
国产精品香港三级|日韩精品无码免费专区网站|熟女一区二区三区|一本伊大人香蕉久久网|jzzijzzij亚洲乱熟无码
<button id="qvlbh"><button id="qvlbh"></button></button>
<xmp id="qvlbh"><xmp id="qvlbh"><xmp id="qvlbh"><address id="qvlbh"><output id="qvlbh"></output></address>
<xmp id="qvlbh"><legend id="qvlbh"></legend>
<xmp id="qvlbh"> <address id="qvlbh"><output id="qvlbh"></output></address>
<address id="qvlbh"><button id="qvlbh"></button></address>
<button id="qvlbh"><samp id="qvlbh"></samp></button>
<address id="qvlbh"><button id="qvlbh"></button></address><address id="qvlbh"></address>
<address id="qvlbh"><legend id="qvlbh"></legend></address>
<samp id="qvlbh"><xmp id="qvlbh"><legend id="qvlbh"></legend>