你知道你有多少的密碼在網路上裸奔嗎？看到網站有綠色鎖頭就真的一定安全嗎？今天不跟你說艱深的密碼學，直接手把手教你如何辨識網路服務的安全性並且快速讓你網站服務有最基本的安全

1. HTTPS
Henry@NISRA
2016/12/19

2. • HTTP HTTPS
◦ HTTPS
◦
•
◦
◦
◦ EV HTTPS
• HTTPS
◦
◦
◦
◦ Let’s Encrypt
• HTTPS
◦ SSLLAB
◦ HTTPS
◦ HTTPS
• DEMO QA

3. HTTPS

4. HTTP

5. HTTPS
TCP HTTP TLS

8. HTTPS

10. HTTPS
• -
• -
• - Google HTTPS SEO
• - Chrome Geolocation HTTPS
• - Apple iOS App 2017 HTTPS

11. HTTPS V.S. HTTP
HTTP =
HTTP

12. •
HTTPS -

14. HTTPS
HTTPS -

16. •
• DNS
•
...

18. SHA1

24. SINGLE DOMAIN WILD CARD

25. SINGLE DOMAIN WILD CARD

27. /

31. ... ...

32. VERISIGN ...

33. • Privacy Key
•
•
•

34. ...

35. • HTTPS
• IE Firefox Chrome
360 QQ .......
•

36. LET'S ENCRYPT
•
• 90

37. GEA-SUAN LIN
HTTPS://LETSENCRYPT.TW/

39. HTTPS SSLAB
•
•
• F

40. HTTPS
A+ F

43. TESTSSL.SH
https://testssl.sh/

44. HTTPS

45. HTTPS
•
•
•
•

46. HTTPS
HTTP TCP RTT
HTTPS TCP + SSL RTT

47. HTTPS
$ curl -w "TCP handshake: %{time_connect}, SSL handshake: %
{time_appconnect}n" -so /dev/null https://www.alipay.com

48. HTTPS
•
•
HTTPS
• HTTPS

49. HTTPS
• HTTPS
•
•

50. HTTPS
•
IE6

51. HTTPS

52. HTTPS

53. HTTPS
• SSLv2 SSLv3
• Cipher Strength MD5 1024 bit
• HSTS HTTP StrictTransport Security
• Perfect Forward Secrecy
• Weak Diffie-Hellman(DH)

55. CIPHERLI.ST
https://cipherli.st/

57. MOZILLA SSL CONFIGURATION GENERATOR
https://mozilla.github.io/server-side-tls/ssl-config-generator/

58. HTTPS

59. HTTPS
• TLS False Start
• Certificate-Chain
• Session Resumption
• OCSP Stapling

60. HTTPS
• TLS False Start
Client Change Cipher Spec Finished
Application Data TLS
Application Data

61. HTTPS
• Certificate-Chain
-> ->
ECC

62. HTTPS
• Session Resumption
RTT

63. HTTPS
• OCSP Stapling
OCSP
OCSP Stapling
OCSP
OCSP
Responder

64. HTTPS HTTPS

65. DEMOTIME