
Nisra16 Is your HTTPS really secure?

Published on

Do you know how many of your passwords are travelling across the network in the clear? Does a green padlock on a website really guarantee it is secure? Today we will not go into deep cryptography; instead we walk you step by step through how to assess the security of a network service and how to quickly give your own web service a basic level of security.

Published in: Technology

  1. HTTPS Henry@NISRA 2016/12/19
  2. • HTTP HTTPS ◦ HTTPS ◦ • ◦ ◦ ◦ EV HTTPS • HTTPS ◦ ◦ ◦ ◦ Let’s Encrypt • HTTPS ◦ SSLLAB ◦ HTTPS ◦ HTTPS • DEMO QA
  3. HTTPS
  4. HTTP
  5. HTTPS TCP HTTP TLS
  6. HTTPS
  7. HTTPS • - • - • - Google HTTPS SEO • - Chrome Geolocation HTTPS • - Apple iOS App 2017 HTTPS
  8. HTTPS V.S. HTTP HTTP = HTTP
  9. • HTTPS -
  10. HTTPS HTTPS -
  11. • • DNS • ...
  12. SHA1
  13. SINGLE DOMAIN WILD CARD
  14. SINGLE DOMAIN WILD CARD
  15. /
  16. ... ...
  17. VERISIGN ...
  18. • Privacy Key • • •
  19. ...
  20. • HTTPS • IE Firefox Chrome 360 QQ ....... •
  21. LET'S ENCRYPT • • 90
  22. GEA-SUAN LIN HTTPS://LETSENCRYPT.TW/
  23. HTTPS SSLAB • • • F
  24. HTTPS A+ F
  25. TESTSSL.SH https://testssl.sh/
  26. HTTPS
  27. HTTPS • • • •
  28. HTTPS
      HTTP: TCP RTT
      HTTPS: TCP + SSL RTT
  29. HTTPS
      $ curl -w "TCP handshake: %{time_connect}, SSL handshake: %{time_appconnect}\n" -so /dev/null https://www.alipay.com
  30. HTTPS • • HTTPS • HTTPS
  31. HTTPS • HTTPS • •
  32. HTTPS • IE6
  33. HTTPS
  34. HTTPS
  35. HTTPS • SSLv2 SSLv3 • Cipher Strength MD5 1024 bit • HSTS HTTP Strict Transport Security • Perfect Forward Secrecy • Weak Diffie-Hellman (DH)
  36. CIPHERLI.ST https://cipherli.st/
  37. MOZILLA SSL CONFIGURATION GENERATOR https://mozilla.github.io/server-side-tls/ssl-config-generator/
  38. HTTPS
  39. HTTPS • TLS False Start • Certificate-Chain • Session Resumption • OCSP Stapling
  40. HTTPS • TLS False Start Client Change Cipher Spec Finished Application Data TLS Application Data
  41. HTTPS • Certificate-Chain -> -> ECC
  42. HTTPS • Session Resumption RTT
  43. HTTPS • OCSP Stapling OCSP OCSP Stapling OCSP OCSP Responder
  44. HTTPS HTTPS
  45. DEMO TIME