Modifying and Configuring the TLS Fingerprint

Tisoz, July 21, 2022

Upgrade pycurl for the Python that ships with CentOS

yum -y install python2-devel
yum -y install libcurl-devel
# International source
wget https://files.pythonhosted.org/packages/ef/05/4b773f74f830a90a326b06f9b24e65506302ab049e825a3c0b60b1a6e26a/pycurl-7.43.0.5.tar.gz
# China mirror (alternative to the download above)
wget https://oss.tisoz.com/pycurl-7.43.0.5.tar.gz
tar xf pycurl-7.43.0.5.tar.gz
cd pycurl-7.43.0.5
python setup.py --with-nss install

BoringSSL build prerequisites

CMake 3.8 or later

cd /root
yum install -y gcc gcc-c++ make automake
# International source
wget https://github.com/Kitware/CMake/releases/download/v3.15.5/cmake-3.15.5.tar.gz
# China mirror (alternative to the download above)
wget https://oss.tisoz.com/cmake-3.15.5.tar.gz
tar -zxvf cmake-3.15.5.tar.gz
cd cmake-3.15.5
./bootstrap && make -j4 && sudo make install
cmake -version

Latest version of Perl

cd /root
yum -y remove perl
yum -y install gcc cpan
# International source
wget http://www.cpan.org/src/5.0/perl-5.26.1.tar.gz
# China mirror (alternative to the download above)
wget https://oss.tisoz.com/perl-5.26.1.tar.gz
tar -zxvf perl-5.26.1.tar.gz
cd perl-5.26.1
./Configure -des -Dprefix=/usr/local/perl
make && make install
perl -v

Install Ninja

yum -y install ninja-build

Install GCC 6.1 or later

yum install -y centos-release-scl 
yum install -y devtoolset-7-gcc*
scl enable devtoolset-7 bash

Install Go

yum -y install libunwind-devel libunwind 
yum -y install epel-release
yum -y install go

Build BoringSSL

cd /root
mkdir boringssl
cd boringssl
# International source
wget https://boringssl.googlesource.com/boringssl/+archive/refs/heads/master.tar.gz
# China mirror (alternative to the download above)
wget https://oss.tisoz.com/boringssl-refs_heads_master.tar.gz
go env -w GOPROXY=https://mirrors.aliyun.com/goproxy

# If you downloaded from the mirror, the archive is named boringssl-refs_heads_master.tar.gz
tar xf master.tar.gz
mkdir build
cd build
cmake -GNinja ..
cd ..
vim CMakeLists.txt

# In CMakeLists.txt, find this line:
#   if(CMAKE_COMPILER_IS_GNUCXX OR CLANG)
# and add the following flag after it:
#   -fPIC

cd build
ninja
cd ..
mkdir lib
cd lib

ln -s ../build/ssl/libssl.a
ln -s ../build/crypto/libcrypto.a

Configure libcurl with BoringSSL

cd /root
yum -y install libcurl-devel
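# International source. --no-check-certificate disables TLS verification of the download,
# so verify the tarball's PGP signature before building.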
wget https://curl.se/download/curl-7.76.1.tar.gz --no-check-certificate
# China mirror (alternative to the download above)
wget https://oss.tisoz.com/curl-7.76.1.tar.gz
tar -zxvf curl-7.76.1.tar.gz
cd curl-7.76.1
./configure --with-ssl=/root/boringssl
exit
make && make install

Install pycurl for Python

yum -y install python3-devel
pip3 install pycurl

TLS check URL

https://www.howsmyssl.com/a/check
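
As an added example (not from the original post), this Python script checks two things after the rebuild: which TLS library the libcurl loaded by pycurl names in its version string, and how the cipher suites and TLS version reported by the check URL differ between two builds. The function names and the sample strings are constructed for illustration; fetch() needs network access and the pycurl built above.

```python
import json
from io import BytesIO

# TLS backend names as they appear in libcurl's version string;
# BoringSSL is reported without a "/version" suffix.
TLS_BACKENDS = ("BoringSSL", "OpenSSL", "LibreSSL", "NSS", "GnuTLS")

def tls_backend(version):
    """Return (name, version) of the TLS library named in a curl version string."""
    for token in version.split():
        name, _, ver = token.strip("()+").partition("/")
        if name in TLS_BACKENDS:
            return name, ver
    return None, ""

def summarize(body):
    """Keep the check-URL fields that describe what the client offered."""
    data = json.loads(body)
    return {"tls_version": data["tls_version"],
            "suites": data["given_cipher_suites"],
            "rating": data["rating"]}

def compare(before, after):
    """Describe how the offered cipher-suite list changed between two builds."""
    b, a = before["suites"], after["suites"]
    return {"added": [s for s in a if s not in b],
            "removed": [s for s in b if s not in a],
            "reordered": sorted(a) == sorted(b) and a != b,
            "tls_version_changed": before["tls_version"] != after["tls_version"]}

def fetch(url="https://www.howsmyssl.com/a/check"):
    """Live check: returns (pycurl.version, response body)."""
    import pycurl  # imported lazily so the parsers above run without pycurl
    buf = BytesIO()
    c = pycurl.Curl()
    c.setopt(pycurl.URL, url)
    c.setopt(pycurl.WRITEDATA, buf)
    c.perform()
    c.close()
    return pycurl.version, buf.getvalue().decode("utf-8")

# Constructed samples (not captured from a real host) so the script runs offline.
OLD_VERSION = "PycURL/7.43.0.5 libcurl/7.29.0 NSS/3.44 zlib/1.2.7"
NEW_VERSION = "PycURL/7.43.0.5 libcurl/7.76.1 BoringSSL zlib/1.2.7"
OLD_BODY = json.dumps({"tls_version": "TLS 1.2", "rating": "Probably Okay", "given_cipher_suites":
    ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]})
NEW_BODY = json.dumps({"tls_version": "TLS 1.3", "rating": "Probably Okay", "given_cipher_suites":
    ["TLS_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]})
if __name__ == "__main__":
    print(tls_backend(OLD_VERSION), tls_backend(NEW_VERSION))
    print(compare(summarize(OLD_BODY), summarize(NEW_BODY)))
```

On a real host, pass the two values returned by fetch() to tls_backend() and summarize() in place of the constructed samples.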

Version conflict with the old linked libcurl

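I looked around briefly: many posts online suggest uninstalling with pip and reinstalling, but my system has Python 2 and Python 3 side by side. The message is actually quite clear: the system's libcurl library files do not match the ones installed afterwards.
The libcurl we install afterwards usually lives in /usr/local/lib, normally as two files. On my system, for example: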
libcurl.so
libcurl.so.4 -> libcurl.so.4.5.0

The libcurl that ships with the system is in /usr/lib64; so far I have found only one file there:
libcurl.so.4 -> libcurl.so.4.3.0

We only need to copy the newly installed libcurl.so and libcurl.so.4.5.0 into /usr/lib64, delete the original libcurl.so.4 symlink, and create a new libcurl.so.4 symlink in /usr/lib64:
# ln -s libcurl.so.4.5.0 libcurl.so.4
ldd /usr/lib64/python2.7/site-packages/pycurl.so
ldconfig -p|grep curl
ldconfig -v | grep libcurl
/usr/local/lib/libcurl.so.4
/usr/local/lib/libcurl.so

vi test.sh
# Vultr (system libcurl in /usr/lib64)
rm -rf /usr/lib64/libcurl.so.4.3.0
rm -rf /usr/lib64/libcurl.so.4
rm -rf /usr/lib64/libcurl.so
ln -s /usr/local/lib/libcurl.so.4 /usr/lib64/libcurl.so.4
ln -s /usr/local/lib/libcurl.so.4 /usr/lib64/libcurl.so.4.3.0
ln -s /usr/local/lib/libcurl.so /usr/lib64/libcurl.so

# Aliyun (system libcurl in /lib64)
rm -rf /lib64/libcurl.so.4.3.0
rm -rf /lib64/libcurl.so.4
rm -rf /lib64/libcurl.so
ln -s /usr/local/lib/libcurl.so.4 /lib64/libcurl.so.4
ln -s /usr/local/lib/libcurl.so.4 /lib64/libcurl.so.4.3.0
ln -s /usr/local/lib/libcurl.so /lib64/libcurl.so
# Owner-only permissions: the script runs as root and should not be world-writable
chmod 700 test.sh
./test.sh

Fix yum errors after replacing the curl component

cd /root
rm -rf pycurl-7.43.0.5
tar xf pycurl-7.43.0.5.tar.gz
cd pycurl-7.43.0.5
python setup.py install

This blog is under a CC BY-NC-SA 3.0 Unported License
Permalink: http://www.tisoz.com/2022/07/21/TLS%E6%8C%87%E7%BA%B9%E4%BF%AE%E6%94%B9%E5%8F%8A%E9%85%8D%E7%BD%AE/