吐槽一下钉钉域名竟然不支持 tls1.3

TLS 版本都是自动协商的，不支持 1.3 会自动回退到 1.2 ，看看是不是环境的问题

国内不支持 TLS1.3 的网站多了去了

支持 tls 1.3 啊

@zengxs 没有回退，环境是指 jdk 吗？ jdk8u372 容器

@fredcc 你是用什么测试的？我用命令 nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com

钉钉的域名支持 TLS1.3 ；
你的检测结果中没有显示 TLS 1.3 的原因是你用的 nmap 版本比较旧（ 7.6 版本的 nmap 发布时候还没有 TLS 1.3 协议），换个最新版本 nmap 就可以。

你用的这个 nmap 版本号是 7.60 ，发布日期是 2017-07-31 详见： https://svn.nmap.org/nmap-releases/nmap-7.60/CHANGELOG 。

TLS 1.3 协议是 2018 年 8 月发布的，详见 IETF 文档： https://datatracker.ietf.org/doc/html/rfc8446

nmap 在 2021 年 12 月才支持了 TLS 1.3 ，详见代码提交记录： https://github.com/mzet-/Nmap-for-Pen-Testers/commit/f55c200783af64f2ecb286244056e83098d74e97

最新的 nmap 7.95 版本检测钉钉域名是支持 TLS 1.3 的：
```
$ nmap --script ssl-enum-ciphers -p 443 oapi.dingtalk.com
Starting Nmap 7.95 ( https://nmap.org ) at 2024-08-05 14:08 CST
Nmap scan report for oapi.dingtalk.com (106.11.35.100)
Host is up (0.047s latency).
Other addresses for oapi.dingtalk.com (not scanned): 2401:b180:2000:80::d 2401:b180:2000:50::b 2401:b180:2000:60::f 2401:b180:2000:70::e

PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.3:
| ciphers:
| TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_AKE_WITH_SM4_CCM_SM3 (ecdh_x25519) - A
| TLS_AKE_WITH_SM4_GCM_SM3 (ecdh_x25519) - A
| cipher preference: server
|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.58 seconds
```

SSL Labs 检测结果也同样显示支持 TLS 1.3： https://www.ssllabs.com/ssltest/analyze.html?d=oapi.dingtalk.com
p.s. 这个域名还在支持 TLS 1.0 和 TLS 1.1 的原因是还有很多企业不支持更高版本的 TLS 。不过安全团队针对低版本的 TLS 的加密套件做了定制，剔除一些低版本中有重大风险的加密套件。


@zealot 疏忽了，原来 nmap 旧版的原因
不过从 java debug 看的确是 tls 版本不对所以握手失败，也没有回退到 1.2
```
javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.427 CST|SSLSocketOutputRecord.java:241|WRITE: TLS13 handshake, length = 520

javax.net.ssl|FINE|34|DubboServerHandler-172.31.0.225:20884-thread-3|2024-08-02 10:34:55.442 CST|SSLSocketInputRecord.java:213|READ: TLSv1.2 alert, length = 2
```

另外从你的结果看，tls1.3 支持的加密套件没有 RSA 的，这个我有点疑惑啊，他的证书是用 RSA 签发吧

可以的.
➜ ~ curl -v -I --tls-max 1.3 https://oapi.dingtalk.com
* Host oapi.dingtalk.com:443 was resolved.
* IPv6: (none)
* IPv4: 106.11.43.136
* Trying 106.11.43.136:443...
* Connected to oapi.dingtalk.com (106.11.43.136) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /opt/anaconda3/ssl/cacert.pem
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: C=CN; ST=ZheJiang; L=HangZhou; O=Alibaba (China) Technology Co., Ltd.; CN=*.dingtalk.com
* start date: Apr 8 04:56:05 2024 GMT
* expire date: May 10 04:56:04 2025 GMT
* subjectAltName: host "oapi.dingtalk.com" matched cert's "*.dingtalk.com"
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Organization Validation CA - SHA256 - G3
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://oapi.dingtalk.com/

@zong400 https://github.com/drwetter/testssl.sh

检测结果看人家的策略没啥问题，抓个网络包看下握手失败原因吧。

@zong400 RSA 是很老的算法了，ECC 综合指标显著优于 RSA ，了解技术的都会在 TLS 1.3 里采用 ECC 而不是 RSA

@zealot 我意思是从浏览器看到证书是用 RSA 签的，但是你的 nmap 结果里面 tls1.3 ciphers 都是 TLS_AKE_WITH_XXX ，没有 TLS_RSA_WITH_XXX

你项目中有用到 OkHttp 的库嘛？看看是不是版本冲突了，低版本可能不支持 TLSv1.3