我想使用SSPI(Schannel)建立安全连接 我不能用AES256作为密码套件。在我看到here时,我必须定义自己的算法列表以禁用AES256密码套件,我将ALG_ID参数设置为CALG_RSA_KEYX chiper,但我在wireshark捕获中看到我的应用程序仍然选择“TLS_RSA_WITH_AES_256_CBC_SHA”。
下面的代码段显示了如何创建安全上下文。此代码取自here,我将其更改为采用算法列表而不是使用默认的OS算法:
TimeStamp tsExpiry;
SECURITY_STATUS Status;
DWORD cSupportedAlgs = 0;
ALG_ID rgbSupportedAlgs[16];
PCCERT_CONTEXT pCertContext = NULL;
certEnhkeyUsage.rgpszUsageIdentifier = usages;
// Build Schannel credential structure. Currently, this sample only
// specifies the protocol to be used (and optionally the certificate,
// of course). Real applications may wish to specify other parameters as well.
ZeroMemory( &SchannelCred, sizeof(SchannelCred) );
SchannelCred.dwVersion = SCHANNEL_CRED_VERSION;
SchannelCred.grbitEnabledProtocols = dwProtocol;
rgbSupportedAlgs[0] = CALG_RSA_KEYX;
cSupportedAlgs++;
SchannelCred.cSupportedAlgs = cSupportedAlgs;
SchannelCred.palgSupportedAlgs = rgbSupportedAlgs;
// Flags indicate the context behaviour.
SchannelCred.dwFlags |= SCH_CRED_NO_DEFAULT_CREDS;
SchannelCred.dwFlags |= SCH_CRED_AUTO_CRED_VALIDATION;
// Create an SSPI credential.
Status = g_pSSPI->AcquireCredentialsHandleA( NULL, // Name of principal
UNISP_NAME_A, // Name of package
SECPKG_CRED_OUTBOUND, // Flags indicating use
NULL, // Pointer to logon ID
&SchannelCred, // Package specific data
NULL, // Pointer to GetKey() func
NULL, // Value to pass to GetKey()
phCreds, // (out) Cred Handle
&tsExpiry ); // (out) Lifetime (optional)
if(Status != SEC_E_OK) printf("**** Error 0x%x returned by AcquireCredentialsHandle\n", Status);
return Status;
提前致谢。