
Nisra16: Is Your HTTPS Really Secure?

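Do you know how many of your passwords are running naked across the network? Does a green padlock on a website really guarantee that it is secure? Today we skip the hard cryptography and walk you, step by step, through how to judge the security of a network service and quickly give your website service the most basic level of security.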


  1. HTTPS Henry@NISRA 2016/12/19
  2. • HTTP HTTPS ◦ HTTPS ◦ • ◦ ◦ ◦ EV HTTPS • HTTPS ◦ ◦ ◦ ◦ Let’s Encrypt • HTTPS ◦ SSL Labs ◦ HTTPS ◦ HTTPS • DEMO QA
  3. HTTPS
  4. HTTP
  5. HTTPS TCP HTTP TLS
  6. HTTPS
  7. HTTPS • - • - • - Google HTTPS SEO • - Chrome Geolocation HTTPS • - Apple iOS App 2017 HTTPS
  8. HTTPS V.S. HTTP HTTP = HTTP
  9. • HTTPS -
  10. HTTPS HTTPS -
  11. • • DNS • ...
  12. SHA1
  13. SINGLE DOMAIN WILD CARD
  14. SINGLE DOMAIN WILD CARD
  15. /
  16. ... ...
  17. VERISIGN ...
  18. • Privacy Key • • •
  19. ...
  20. • HTTPS • IE Firefox Chrome 360 QQ ....... •
  21. LET'S ENCRYPT • • 90
  22. GEA-SUAN LIN HTTPS://LETSENCRYPT.TW/
  23. HTTPS SSL Labs • • • F
  24. HTTPS A+ F
  25. TESTSSL.SH https://testssl.sh/
  26. HTTPS
  27. HTTPS • • • •
  28. HTTPS
      HTTP TCP RTT
      HTTPS TCP + SSL RTT
  29. HTTPS
      $ curl -w "TCP handshake: %{time_connect}, SSL handshake: %{time_appconnect}\n" -so /dev/null https://www.alipay.com
  30. HTTPS • • HTTPS • HTTPS
  31. HTTPS • HTTPS • •
  32. HTTPS • IE6
  33. HTTPS
  34. HTTPS
  35. HTTPS • SSLv2 SSLv3 • Cipher Strength MD5 1024 bit • HSTS HTTP Strict Transport Security • Perfect Forward Secrecy • Weak Diffie-Hellman (DH)
  36. CIPHERLI.ST https://cipherli.st/
  37. MOZILLA SSL CONFIGURATION GENERATOR https://mozilla.github.io/server-side-tls/ssl-config-generator/
  38. HTTPS
  39. HTTPS • TLS False Start • Certificate-Chain • Session Resumption • OCSP Stapling
  40. HTTPS • TLS False Start Client Change Cipher Spec Finished Application Data TLS Application Data
  41. HTTPS • Certificate-Chain -> -> ECC
  42. HTTPS • Session Resumption RTT
  43. HTTPS • OCSP Stapling OCSP OCSP Stapling OCSP OCSP Responder
  44. HTTPS HTTPS
  45. DEMO TIME
