CN111464387B - Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal - Google Patents


Info

Publication number
CN111464387B
Authority
CN
China
Legal status
Active
Application number
CN202010243660.8A
Other languages
Chinese (zh)
Other versions
CN111464387A (en)
Inventor
金鑫
石少青
肖勇
黄博阳
冯俊豪
Current Assignee
CSG Electric Power Research Institute
China Southern Power Grid Co Ltd
Original Assignee
CSG Electric Power Research Institute
China Southern Power Grid Co Ltd

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L43/00 Arrangements for monitoring or testing data switching networks > H04L43/50 Testing arrangements
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/16 Implementing security features at a particular protocol layer > H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/16 Implementing security features at a particular protocol layer > H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application discloses a method, a device, a system and equipment for detecting the security of the SSL/TLS configuration of a terminal. The method automatically detects whether the SSL/TLS configuration security test items of the terminal have been completed and, if an incomplete security test item exists, starts an SSL/TLS test server to perform it, so that the security of the SSL/TLS configuration on the terminal is detected automatically rather than by manual detection. This solves the technical problems that the existing security detection of the SSL/TLS configuration of a terminal depends on manual detection and has low detection efficiency.

Description

Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a system, and a device for detecting security of SSL/TLS configuration of a terminal.
Background
With the popularization of internet technology, the importance of network security is becoming more and more apparent. The most widely used internet communication security protocol is SSL (Secure Sockets Layer), also known as TLS (Transport Layer Security). The SSL/TLS protocol uses cryptographic techniques to provide security functions such as identity authentication, data encryption and integrity verification for both communicating parties, and is an important basis for the security of the modern Internet.
The security test of the SSL/TLS protocol mainly focuses on the handshake protocol, because the handshake protocol is the basis of the entire SSL/TLS protocol and its authentication and security-parameter negotiation messages are unencrypted, so the possibility of attack exists. The handshake protocol involves the selection and configuration of hundreds of security parameters which, if improperly configured, disable the intended security function and therefore need to be detected. Existing security testing methods for the SSL/TLS protocol mainly target SSL/TLS configuration security detection at the server, while SSL/TLS configuration security detection at the terminal depends on manual testing, which is time-consuming and labor-intensive. Automatically detecting the SSL/TLS configuration security of the terminal so as to improve detection efficiency is therefore a technical problem to be solved urgently by technical personnel in the field.
Disclosure of Invention
The application provides a method, a device, a system and equipment for detecting security of SSL/TLS configuration of a terminal, which are used for solving the technical problems that the existing security detection of SSL/TLS configuration of the terminal depends on manual test and the detection efficiency is low.
In view of the above, a first aspect of the present application provides a method for detecting security of SSL/TLS configuration of a terminal, including:
receiving a TCP data packet sent by a terminal, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
if all the security test items of the terminal equipment are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal equipment contains unfinished security test items, starting an SSL/TLS test server to test each security test item based on the unfinished security test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment;
and receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
Optionally, the method further comprises:
and correspondingly storing the safety test items and the corresponding test results in the database.
Optionally, the receiving a TCP data packet sent by the terminal, if the TCP data packet carries a ClientHello message, querying, in a database, a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, includes:
and receiving a TCP data packet transmitted by the terminal and forwarded by the gateway, and inquiring the detection condition of the safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
Optionally, the receiving a TCP data packet sent by the terminal, if the TCP data packet carries a ClientHello message, querying, in a database, a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, further includes:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
Optionally, the security test item includes a protocol version security test, an encryption suite security test, a fuzzy message security test, and a certificate security test.
The second aspect of the present application provides an apparatus for detecting security of SSL/TLS configuration of a terminal, including:
the detection module is used for receiving a TCP data packet sent by a terminal, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
the testing module is used for forwarding the TCP data packet to an external network according to an original destination IP address of the TCP data packet if all the safety testing items of the terminal equipment are tested and pass the detection, starting an SSL/TLS testing server to test each safety testing item based on the unfinished safety testing item if the terminal equipment contains the unfinished safety testing item, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment;
and the response module is used for receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
Optionally, the apparatus further comprises:
and the storage module is used for correspondingly storing the safety test items and the corresponding test results in the database.
Optionally, the detection module is specifically configured to:
receiving a TCP data packet transmitted by a terminal and forwarded by a gateway, and inquiring the detection condition of a safety test item of the terminal equipment in a database according to the equipment IP address of the terminal equipment if the TCP data packet carries a ClientHello message;
the detection module is further configured to:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
The third aspect of the present application provides a system for detecting security of SSL/TLS configuration at a terminal, comprising: terminal equipment, a gateway, a database and a device for detecting the security of the SSL/TLS configuration of the terminal in any one of the first aspect;
the terminal equipment is used for sending a TCP data packet to the gateway;
the gateway is used for forwarding the TCP data packet to the device for detecting the SSL/TLS configuration security of the terminal;
the gateway is provided with an SSL/TLS test server;
the database is used for storing the safety test items and the corresponding test results.
The fourth aspect of the present application provides an apparatus for detecting security of SSL/TLS configuration in a terminal, where the apparatus includes a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the method for detecting security of SSL/TLS configuration of the terminal according to any of the first aspect according to instructions in the program code.
According to the technical scheme, the embodiment of the application has the following advantages:
the application provides a method for detecting security of SSL/TLS configuration of a terminal, which comprises the following steps: receiving a TCP data packet sent by the terminal, and inquiring the detection condition of a safety test item of the terminal in a database according to the equipment IP address of the terminal if the TCP data packet carries a ClientHello message; if all the safety test items of the terminal are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, and if the terminal contains unfinished safety test items, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal; and receiving a response message returned by the terminal after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message. The method for detecting the security of the SSL/TLS configuration of the terminal can automatically detect whether the SSL/TLS configuration security test items of the terminal equipment are completed or not, and if a security test item is not completed, the SSL/TLS test server is started to perform the unfinished security test item, so that the security of the SSL/TLS configuration on the terminal equipment is detected automatically without relying on manual detection, and the technical problems that the existing security detection of the SSL/TLS configuration of the terminal relies on manual testing and has low detection efficiency are solved.
Drawings
Fig. 1 is a schematic flowchart of a method for detecting security of SSL/TLS configuration of a terminal according to an embodiment of the present application;
fig. 2 is a system framework diagram of a method for detecting security of SSL/TLS configuration of a terminal provided in an embodiment of the present application;
fig. 3 is another schematic flowchart of a method for detecting security of SSL/TLS configuration of a terminal according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an apparatus for detecting security of SSL/TLS configuration of a terminal provided in an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For ease of understanding, referring to fig. 1 and 2, the present application provides an embodiment of a method for detecting security of SSL/TLS configuration of a terminal, including:
and 101, receiving a TCP data packet sent by the terminal equipment, and inquiring the detection condition of the security test item of the terminal in a database according to the equipment IP address of the terminal if the TCP data packet carries the ClientHello message.
It should be noted that, in this embodiment of the application, after receiving a TCP data packet sent from a terminal device, it is determined whether the TCP data packet carries a client hello message, that is, a ClientHello message, and receiving the ClientHello message sent by the terminal device indicates that the terminal device initiates an SSL/TLS request. And if the TCP data packet sent by the terminal equipment carries the ClientHello message, inquiring a database according to the IP address of the terminal equipment, and inquiring the detection condition of the safety test item of the terminal equipment in the database.
And step 102, if all the safety test items of the terminal equipment are tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal equipment contains unfinished safety test items, starting an SSL/TLS test server to test each safety test item based on the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment.
It should be noted that, if the result of querying the database in step 101 indicates that all the security test items of the terminal device have been tested and passed the detection, the TCP packet is forwarded to the external network according to the original destination IP address of the TCP packet, and if the terminal device contains an incomplete security test item, the ClientHello message is responded, based on the incomplete security test item, the SSL/TLS test server is started to perform each security test item test, generate a ServerHello message and a Certificate message corresponding to each security test item, and return the ServerHello message and the Certificate message to the terminal device. The SSL/TLS test server may be deployed at the gateway.
And 103, receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
It should be noted that, after receiving the ServerHello message and the Certificate message, the terminal device responds to them based on the SSL/TLS configuration on the terminal device and returns a response message; after receiving the response message returned by the terminal device, it can be determined from the response message whether the corresponding security test item passes the security test, and a test result is generated. For example, when a protocol version security item is tested, the SSL/TLS test server sends a test message for the security test item "insecure SSL 2.0". If the response message returned by the terminal device is "reject", the SSL/TLS configuration of the terminal device is secure and the test result of the security test item is test pass; if the response message returned by the terminal device is "accept", the SSL/TLS configuration of the terminal device has a security risk and the test result of the security test item is test fail.
The method for detecting the security of the SSL/TLS configuration of the terminal, provided by the embodiment of the application, can automatically detect whether the security test item of the SSL/TLS configuration of the terminal equipment is completed or not, and if the security test item is not completed, the SSL/TLS test server is started to perform the unfinished security test item, so that the security of the SSL/TLS configuration on the terminal equipment is automatically detected without depending on manual detection, and the technical problems that the existing security detection of the SSL/TLS configuration of the terminal depends on manual detection and the detection efficiency is low are solved.
For ease of understanding, referring to fig. 2 and 3, another embodiment of a method for detecting security of a terminal SSL/TLS configuration is provided, including:
step 201, receiving a TCP packet sent by the terminal and forwarded by the gateway, if the TCP packet carries a ClientHello message, querying a database for a detection condition of a security test item of the terminal device according to a device IP address of the terminal device, and if the TCP packet does not carry the ClientHello message, forwarding the TCP packet to an external network according to an original destination IP address of the TCP packet.
It should be noted that the gateway in the embodiment of the present application may also be a router, and an SSL/TLS test server is deployed at the gateway/router. The received TCP data packet sent by the terminal equipment can be forwarded by the gateway/router, after the TCP data packet sent by the terminal equipment is received, whether the TCP data packet carries a client hello message, namely a ClientHello message, is judged, and the received ClientHello message sent by the terminal equipment indicates that the terminal equipment initiates an SSL/TLS request. And if the TCP data packet sent by the terminal equipment carries the ClientHello message, inquiring a database according to the IP address of the terminal equipment, and inquiring the detection condition of the safety test item of the terminal equipment in the database. If the TCP packet does not carry the ClientHello message, it indicates that the security of SSL/TLS configuration for the terminal device does not need to be tested, and the TCP packet can be directly forwarded to the external network according to the original destination IP address of the TCP packet.
Step 202, if all the security test items of the terminal device have been tested and pass the detection, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet, if the terminal device contains an incomplete security test item, starting the SSL/TLS test server to perform each security test item test based on the incomplete security test item, generating a corresponding ServerHello message and a Certificate message, and returning the ServerHello message and the Certificate message to the terminal device.
It should be noted that the security test items in the embodiment of the present application may include a protocol version security test, an encryption suite security test, a fuzzy message security test, and a certificate security test. A specific list of security test items is shown in table 1.
Table 1 terminal equipment safety test item list (the table is rendered as an image in the source; its contents are not recoverable here)
If the result of the query of the database in step 201 is that all the security test items of the terminal device have been tested and passed, the TCP data packet is forwarded to the external network according to the original destination IP address of the TCP data packet, if the terminal device contains an incomplete security test item, the ClientHello message is responded, based on the incomplete security test item, the SSL/TLS test server is started to perform each security test item test, ServerHello messages and Certificate messages corresponding to each security test item are generated, and the ServerHello messages and Certificate messages are returned to the terminal device.
And 203, receiving a response message returned by the terminal equipment after receiving the ServerHello message and the Certificate message, and generating a test result according to the response message.
It should be noted that, after receiving the ServerHello message and the Certificate message, the terminal device responds to them based on the SSL/TLS configuration on the terminal device and returns a response message; after receiving the response message returned by the terminal device, it can be determined from the response message whether the corresponding security test item passes the security test, and a test result is generated. For example, when testing an encryption suite security item, the SSL/TLS test server sends a test message for the security test item "insecure DES symmetric encryption algorithm". If the response message returned by the terminal device is "reject", the SSL/TLS configuration of the terminal device is secure and the test result of the security test item is test pass; if the response message returned by the terminal device is "accept", the SSL/TLS configuration of the terminal device has a security risk and the test result of the security test item is test fail.
And step 204, correspondingly storing the safety test items and the corresponding test results in a database.
It should be noted that, after each security test item is tested, each security test item of the terminal device and the corresponding test result are stored in the database in a one-to-one correspondence manner, so as to conveniently query the detection condition of the security test item of the terminal device.
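As an added example that is not part of the patent, the decision logic of steps 101 to 103 and 201 to 204 in Python: it parses the TCP payload for a ClientHello, consults a per-IP record standing in for the database, builds the ServerHello stimulus for the next unfinished test item, and grades the terminal's reply. The test item values, the in-memory database, the sample ClientHello and the treatment of failed items as unfinished are assumptions; the full item list of Table 1 is not reproduced.

```python
"""Gateway-side logic for the terminal SSL/TLS configuration test described above:
recognise a ClientHello, look up which test items the source IP still owes,
build the ServerHello stimulus for the next item, and grade the terminal's reply."""
import struct

CONTENT_HANDSHAKE, CONTENT_ALERT = 0x16, 0x15
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02

# Two of the test items named on the page, each as the (version, cipher suite)
# the test server selects in its ServerHello. A correctly configured terminal
# must reject both. Values are illustrative (SSL 2.0 uses a different record
# format, so SSL 3.0 stands in for the protocol-version item here).
TEST_ITEMS = {
    "protocol_version": (0x0300, 0x002F),  # SSL 3.0, TLS_RSA_WITH_AES_128_CBC_SHA
    "cipher_suite":     (0x0303, 0x0009),  # TLS 1.2, TLS_RSA_WITH_DES_CBC_SHA
}


def parse_client_hello(pkt: bytes):
    """Return {'version', 'ciphers'} if pkt is a TLS record carrying a ClientHello,
    else None. Anything that is not a ClientHello is forwarded untouched (step 201)."""
    if len(pkt) < 9 or pkt[0] != CONTENT_HANDSHAKE:
        return None
    rec_len = struct.unpack("!H", pkt[3:5])[0]
    body = pkt[5:5 + rec_len]
    if len(body) != rec_len or body[0] != HS_CLIENT_HELLO:
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or len(hello) < 35:      # version + random + sid length
        return None
    version = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                                     # skip client_random
    pos += 1 + hello[pos]                            # skip session_id
    if pos + 2 > len(hello):
        return None
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    cs = hello[pos + 2:pos + 2 + cs_len]
    if len(cs) != cs_len or cs_len % 2:
        return None
    ciphers = [struct.unpack("!H", cs[i:i + 2])[0] for i in range(0, cs_len, 2)]
    return {"version": version, "ciphers": ciphers}


def decide(results: dict, ip: str, pkt: bytes) -> str:
    """Steps 101/102 and 201/202: 'forward' when the packet is not a ClientHello or
    every item has passed; otherwise the next unfinished item. `results` stands in
    for the database (ip -> {item: 'pass'|'fail'}). Items that failed are treated
    as unfinished and retested, an assumption the page does not spell out."""
    if parse_client_hello(pkt) is None:
        return "forward"
    done = results.get(ip, {})
    for item in TEST_ITEMS:
        if done.get(item) != "pass":
            return item
    return "forward"


def build_server_hello(item: str) -> bytes:
    """ServerHello record selecting the item's weak parameters (step 102). The
    accompanying Certificate message the page mentions is omitted here."""
    version, cipher = TEST_ITEMS[item]
    body = (struct.pack("!H", version) + bytes(32)      # server_version, random
            + b"\x00"                                   # empty session_id
            + struct.pack("!H", cipher) + b"\x00")      # cipher_suite, null compression
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE]) + struct.pack("!HH", version, len(hs)) + hs


def grade_response(results: dict, ip: str, item: str, resp: bytes) -> str:
    """Steps 103/203/204: an alert record, or a closed connection with no reply,
    means the terminal rejected the stimulus (pass); a continued handshake means
    it accepted it (fail). The verdict is stored per item for later lookups."""
    verdict = "pass" if not resp or resp[0] == CONTENT_ALERT else "fail"
    results.setdefault(ip, {})[item] = verdict
    return verdict


def make_client_hello(version: int, ciphers: list) -> bytes:
    """Constructed sample ClientHello without extensions, used only as test input."""
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", len(cs)) + cs + b"\x01\x00")
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([CONTENT_HANDSHAKE]) + struct.pack("!HH", 0x0301, len(hs)) + hs


if __name__ == "__main__":
    db, ip = {}, "10.0.0.5"                           # constructed terminal address
    hello = make_client_hello(0x0303, [0x002F, 0xC02F])
    while (item := decide(db, ip, hello)) != "forward":
        stimulus = build_server_hello(item)
        # Constructed terminal reply: a protocol_version alert (0x46), i.e. a rejection.
        reply = b"\x15\x03\x03\x00\x02\x02\x46"
        print(item, len(stimulus), "bytes sent ->", grade_response(db, ip, item, reply))
    print("all items passed, forwarding:", db[ip])
```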
For easy understanding, please refer to fig. 4, an embodiment of an apparatus for detecting security of SSL/TLS configuration of a terminal is provided in the present application, including:
and the detection module is used for receiving a TCP data packet sent by the terminal, and inquiring the detection condition of the safety test item of the terminal equipment in the database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
And the test module is used for forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet if all the safety test items of the terminal equipment are tested and pass the detection, starting the SSL/TLS test server to test each safety test item based on the unfinished safety test items if the terminal equipment contains the unfinished safety test items, generating corresponding ServerHello messages and Certificate messages, and returning the ServerHello messages and the Certificate messages to the terminal equipment.
And the response module is used for receiving a response message returned after the terminal equipment receives the ServerHello message and the Certificate message, and generating a test result according to the response message.
Further, still include:
and the storage module is used for correspondingly storing the safety test items and the corresponding test results in the database.
Further, the detection module is specifically configured to:
and receiving a TCP data packet transmitted by the terminal and forwarded by the gateway, and inquiring the detection condition of the security test item of the terminal equipment in the database according to the equipment IP address of the terminal equipment if the TCP data packet carries the ClientHello message.
The detection module is further configured to:
and if the TCP data packet does not carry the ClientHello message, forwarding the TCP data packet to an external network according to the original destination IP address of the TCP data packet.
To facilitate understanding, referring to fig. 2, an embodiment of a system for detecting security of SSL/TLS configuration of a terminal is provided, including: terminal equipment, a gateway, a database, and the device for detecting the security of the SSL/TLS configuration of the terminal described in the device embodiment above;
the terminal equipment is used for sending a TCP data packet to the gateway;
the gateway is used for forwarding a TCP data packet to the device for detecting the SSL/TLS configuration security of the terminal;
the gateway is provided with an SSL/TLS test server;
the database is used for storing the safety test items and the corresponding test results.
A TCP data packet sent by a terminal device to an external network passes through the gateway/router and is forwarded to the device for detecting the SSL/TLS configuration security of the terminal. The detection module of that device judges whether the TCP data packet carries a ClientHello message. If it does, the database is queried by the IP address of the terminal device to find out whether the terminal device has been tested. If it has not, the test module is started to respond to the ClientHello message, sending different ServerHello messages and Certificate messages according to the different security test items. Finally, whether the terminal device passes each test item is judged according to the message returned by the terminal device, and the test result is stored in the database.
The application provides an embodiment of a device for detecting security of SSL/TLS configuration of a terminal, wherein the device comprises a processor and a memory:
the memory is used for storing the program codes and transmitting the program codes to the processor;
the processor is used for executing any one of the above-mentioned method embodiments for detecting the security of the SSL/TLS configuration of the terminal according to the instructions in the program code.
In the several embodiments provided in the present application, it should be understood that the disclosed system and method may be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and in actual implementation, there may be other divisions, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer system (which may be a personal computer, a server, or a network system) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (8)

1. A method for detecting the security of the SSL/TLS configuration of a terminal, characterized by comprising the following steps:
storing the security test items and their corresponding test results in a database;
receiving a TCP data packet sent by a terminal and, if the TCP data packet carries a ClientHello message, querying the database for the detection status of the security test items of the terminal according to the device IP address of the terminal;
if all security test items of the terminal have been tested and have passed detection, forwarding the TCP data packet to the external network according to the original destination IP address of the TCP data packet; if the terminal has unfinished security test items, starting an SSL/TLS test server to test each unfinished security test item, generating the corresponding ServerHello message and Certificate message, and returning the ServerHello message and the Certificate message to the terminal;
and receiving the response message returned by the terminal after it receives the ServerHello message and the Certificate message, and generating a test result according to the response message.
2. The method for detecting the security of the SSL/TLS configuration of a terminal as claimed in claim 1, wherein the step of receiving a TCP data packet sent by the terminal and, if the TCP data packet carries a ClientHello message, querying the database for the detection status of the security test items of the terminal according to the device IP address of the terminal comprises:
receiving a TCP data packet sent by the terminal and forwarded by a gateway and, if the TCP data packet carries a ClientHello message, querying the database for the detection status of the security test items of the terminal according to the device IP address of the terminal.
3. The method for detecting the security of the SSL/TLS configuration of a terminal as claimed in claim 1, wherein the step of receiving a TCP data packet sent by the terminal and, if the TCP data packet carries a ClientHello message, querying the database for the detection status of the security test items of the terminal according to the device IP address of the terminal further comprises:
if the TCP data packet does not carry a ClientHello message, forwarding the TCP data packet to the external network according to the original destination IP address of the TCP data packet.
4. The method for detecting the security of the SSL/TLS configuration of a terminal as claimed in claim 1, wherein the security test items comprise a protocol version security test, a cipher suite security test, a fuzzy message security test and a certificate security test.
5. An apparatus for detecting the security of the SSL/TLS configuration of a terminal, comprising:
a storage module, configured to store the security test items and their corresponding test results in a database;
a detection module, configured to receive a TCP data packet sent by a terminal and, if the TCP data packet carries a ClientHello message, query the database for the detection status of the security test items of the terminal according to the device IP address of the terminal;
a testing module, configured to forward the TCP data packet to the external network according to the original destination IP address of the TCP data packet if all security test items of the terminal have been tested and have passed detection, and, if the terminal has unfinished security test items, to start an SSL/TLS test server to test each unfinished security test item, generate the corresponding ServerHello message and Certificate message, and return the ServerHello message and the Certificate message to the terminal;
and a response module, configured to receive the response message returned by the terminal after it receives the ServerHello message and the Certificate message, and to generate a test result according to the response message.
6. The apparatus for detecting the security of the SSL/TLS configuration of a terminal according to claim 5, wherein the detection module is specifically configured to:
receive a TCP data packet sent by the terminal and forwarded by a gateway and, if the TCP data packet carries a ClientHello message, query the database for the detection status of the security test items of the terminal according to the device IP address of the terminal;
and the detection module is further configured to:
forward the TCP data packet to the external network according to the original destination IP address of the TCP data packet if the TCP data packet does not carry a ClientHello message.
7. A system for detecting the security of the SSL/TLS configuration of a terminal, comprising: a terminal, a gateway, a database and the apparatus for detecting the security of the SSL/TLS configuration of a terminal as claimed in any one of claims 5 to 6;
the terminal is configured to send a TCP data packet to the gateway;
the gateway is configured to forward the TCP data packet to the apparatus for detecting the security of the SSL/TLS configuration of the terminal;
the gateway is provided with an SSL/TLS test server;
the database is configured to store the security test items and their corresponding test results.
8. A device for detecting the security of the SSL/TLS configuration of a terminal, the device comprising a processor and a memory:
the memory is configured to store program code and to transmit the program code to the processor;
the processor is configured to execute, according to instructions in the program code, the method for detecting the security of the SSL/TLS configuration of a terminal as claimed in any one of claims 1 to 4.
CN202010243660.8A 2020-03-31 2020-03-31 Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal Active CN111464387B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010243660.8A CN111464387B (en) 2020-03-31 2020-03-31 Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal

Publications (2)

Publication Number Publication Date
CN111464387A CN111464387A (en) 2020-07-28
CN111464387B true CN111464387B (en) 2022-02-25

Family

ID=71680178

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010243660.8A Active CN111464387B (en) 2020-03-31 2020-03-31 Method, device, system and equipment for detecting security of SSL/TLS configuration of terminal

Country Status (1)

Country Link
CN (1) CN111464387B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115701026A (en) * 2021-07-21 2023-02-07 中移物联网有限公司 Test method, device and terminal for transport layer security protocol

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102263826A (en) * 2011-08-11 2011-11-30 华为技术有限公司 Method and device for establishing connection with transport layer
CN103297437A (en) * 2013-06-20 2013-09-11 中国软件与技术服务股份有限公司 Safety server access method for mobile intelligent terminal
CN105591959A (en) * 2014-10-24 2016-05-18 华耀(中国)科技有限公司 System and method for load balancing by SSL session resuming
CN105872534A (en) * 2016-04-05 2016-08-17 Tcl海外电子(惠州)有限公司 Terminal testing method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10681075B2 (en) * 2015-12-28 2020-06-09 Netsec Concepts LLC Detection of SSL / TLS malware beacons
CN108566361B (en) * 2018-01-05 2020-08-21 武汉信安珞珈科技有限公司 Security parameter negotiation method and system based on SSL/TLS protocol

Also Published As

Publication number Publication date
CN111464387A (en) 2020-07-28

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant