
Nisra16: Is your HTTPS really secure?

4,438 views

Published on

Do you know how many of your passwords are travelling naked across the network? Does a green padlock on a website really guarantee that it is secure? Today we skip the deep cryptography and instead walk you step by step through how to assess the security of a web service and quickly give your own site a basic level of security.

Published in: Technology


  1. HTTPS, Henry@NISRA, 2016/12/19
  2. Agenda: HTTP / HTTPS; EV HTTPS; Let's Encrypt; HTTPS (SSL Labs); DEMO; QA
  3. HTTPS
  4. HTTP
  5. HTTPS: TCP, HTTP, TLS
  6. HTTPS
  7. HTTPS: Google (HTTPS, SEO); Chrome (Geolocation, HTTPS); Apple iOS App (2017, HTTPS)
  8. HTTPS vs. HTTP
  9. HTTPS
  10. HTTPS
  11. DNS ...
  12. SHA1
  13. Single domain / wildcard
  14. Single domain / wildcard
  15. /
  16. ... ...
  17. VeriSign ...
  18. Private Key
  19. ...
  20. HTTPS: IE, Firefox, Chrome, 360, QQ ...
  21. Let's Encrypt: 90 days
  22. Gea-Suan Lin, HTTPS://LETSENCRYPT.TW/
  23. HTTPS, SSL Labs, F
  24. HTTPS, A+ to F
  25. testssl.sh, https://testssl.sh/
  26. HTTPS
  27. HTTPS
  28. HTTPS
     HTTP: TCP RTT
     HTTPS: TCP + SSL RTT
  29. HTTPS
     $ curl -w "TCP handshake: %{time_connect}, SSL handshake: %{time_appconnect}\n" -so /dev/null https://www.alipay.com
  30. HTTPS
  31. HTTPS
  32. HTTPS: IE6
  33. HTTPS
  34. HTTPS
  35. HTTPS: SSLv2 / SSLv3; Cipher Strength (MD5, 1024 bit); HSTS (HTTP Strict Transport Security); Perfect Forward Secrecy; Weak Diffie-Hellman (DH)
  36. cipherli.st, https://cipherli.st/
  37. Mozilla SSL Configuration Generator, https://mozilla.github.io/server-side-tls/ssl-config-generator/
  38. HTTPS
  39. HTTPS: TLS False Start; Certificate Chain; Session Resumption; OCSP Stapling
  40. HTTPS: TLS False Start (Client: Change Cipher Spec, Finished, Application Data; TLS Application Data)
  41. HTTPS: Certificate Chain -> -> ECC
  42. HTTPS: Session Resumption (RTT)
  43. HTTPS: OCSP Stapling (OCSP, OCSP Responder)
  44. HTTPS
  45. DEMO TIME
