Nisra16 你的 https 真的安全嗎?

Huang-I Yang
Huang-I YangBack End Developer at Rayark Inc.
HTTPS Henry@NISRA 2016/12/19
• HTTP HTTPS ◦ HTTPS ◦ • ◦ ◦ ◦ EV HTTPS • HTTPS ◦ ◦ ◦ ◦ Let’s Encrypt • HTTPS ◦ SSLLAB ◦ HTTPS ◦ HTTPS • DEMO QA
HTTPS
HTTP
HTTPS TCP HTTP TLS
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
HTTPS
Nisra16 你的 https 真的安全嗎?
HTTPS • - • - • - Google HTTPS SEO • - Chrome Geolocation HTTPS • - Apple iOS App 2017 HTTPS
HTTPS V.S. HTTP HTTP = HTTP
• 
 HTTPS -
Nisra16 你的 https 真的安全嗎?
HTTPS HTTPS -
Nisra16 你的 https 真的安全嗎?
• • DNS • ...
Nisra16 你的 https 真的安全嗎?
SHA1
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
SINGLE DOMAIN WILD CARD
SINGLE DOMAIN WILD CARD
Nisra16 你的 https 真的安全嗎?
/
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
... ...
VERISIGN ...
• Privacy Key • • •
...
• HTTPS • IE Firefox Chrome 360 QQ ....... •
LET'S ENCRYPT • • 90
GEA-SUAN LIN HTTPS://LETSENCRYPT.TW/
Nisra16 你的 https 真的安全嗎?
HTTPS SSLAB • • • F
HTTPS A+ F
Nisra16 你的 https 真的安全嗎?
Nisra16 你的 https 真的安全嗎?
TESTSSL.SH https://testssl.sh/
HTTPS
HTTPS • • • •
HTTPS 
 HTTP TCP RTT 
 HTTPS TCP + SSL RTT
HTTPS 
 $ curl -w "TCP handshake: %{time_connect}, SSL handshake: % {time_appconnect}n" -so /dev/null https://www.alipay.com
HTTPS • • HTTPS • HTTPS
HTTPS • HTTPS • •
HTTPS • IE6
HTTPS
HTTPS
HTTPS • SSLv2 SSLv3 • Cipher Strength MD5 1024 bit • HSTS HTTP StrictTransport Security • Perfect Forward Secrecy • Weak Diffie-Hellman(DH)
Nisra16 你的 https 真的安全嗎?
CIPHERLI.ST https://cipherli.st/
Nisra16 你的 https 真的安全嗎?
MOZILLA SSL CONFIGURATION GENERATOR https://mozilla.github.io/server-side-tls/ssl-config-generator/
HTTPS
HTTPS • TLS False Start • Certificate-Chain • Session Resumption • OCSP Stapling
HTTPS • TLS False Start Client Change Cipher Spec Finished Application Data TLS Application Data
HTTPS • Certificate-Chain -> -> ECC
HTTPS • Session Resumption RTT
HTTPS • OCSP Stapling OCSP OCSP Stapling OCSP OCSP Responder
HTTPS HTTPS
DEMOTIME
1 of 65

Nisra16 你的 https 真的安全嗎?

Download to read offline
Technology

你知道你有多少的密碼在網路上裸奔嗎?看到網站有綠色鎖頭就真的一定安全嗎?今天不跟你說艱深的密碼學,直接手把手教你如何辨識網路服務的安全性並且快速讓你網站服務有最基本的安全

Huang-I Yang
Huang-I YangBack End Developer at Rayark Inc.

Recommended

BigWP: Delivering the news over HTTPS by
BigWP: Delivering the news over HTTPSBigWP: Delivering the news over HTTPS
BigWP: Delivering the news over HTTPSPaul Schreiber
16.2K views58 slides
What is Nginx and Why You Should to Use it with Wordpress Hosting by
What is Nginx and Why You Should to Use it with Wordpress HostingWhat is Nginx and Why You Should to Use it with Wordpress Hosting
What is Nginx and Why You Should to Use it with Wordpress HostingWPSFO Meetup Group
882 views42 slides
2016-04-07-清大-國際化開源專案技術實務與經驗分享 by
2016-04-07-清大-國際化開源專案技術實務與經驗分享2016-04-07-清大-國際化開源專案技術實務與經驗分享
2016-04-07-清大-國際化開源專案技術實務與經驗分享Jen Yee Hong
29.8K views26 slides
FreeNAS 企業應用經驗分享 [2016/12/17] @台中資策會 by
FreeNAS 企業應用經驗分享 [2016/12/17] @台中資策會FreeNAS 企業應用經驗分享 [2016/12/17] @台中資策會
FreeNAS 企業應用經驗分享 [2016/12/17] @台中資策會Jason Cheng
10.9K views72 slides
TPET8演講: 非典型程式教育 by
TPET8演講: 非典型程式教育TPET8演講: 非典型程式教育
TPET8演講: 非典型程式教育Jen Yee Hong
7.3K views40 slides
Studies in Matthew by
Studies in MatthewStudies in Matthew
Studies in MatthewHouse to House Heart to Heart
22.4K views26 slides

More Related Content

Viewers also liked

How to boost your sales with cold emailing by
How to boost your sales with cold emailingHow to boost your sales with cold emailing
How to boost your sales with cold emailingTheFamily
22.5K views16 slides
The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social... by
The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social...The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social...
The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social...Internet Marketing Software - WordStream
17.4K views62 slides
The Top 10 Sales Conferences of 2016 by
The Top 10 Sales Conferences of 2016The Top 10 Sales Conferences of 2016
The Top 10 Sales Conferences of 2016Peak Sales Recruiting
31.3K views16 slides
10 Awesome Hypnotherapy Quotes by
10 Awesome Hypnotherapy Quotes10 Awesome Hypnotherapy Quotes
10 Awesome Hypnotherapy QuotesMindlife Hypnotherapy Singapore
23K views12 slides
Got Video?: Using Video to Speed up Sales by
Got Video?: Using Video to Speed up SalesGot Video?: Using Video to Speed up Sales
Got Video?: Using Video to Speed up SalesPGi
47.6K views11 slides
Church Sermon: GW 1 by
Church Sermon: GW 1Church Sermon: GW 1
Church Sermon: GW 1marikina4square
23.6K views8 slides

Viewers also liked(16)

How to boost your sales with cold emailing by TheFamily
How to boost your sales with cold emailingHow to boost your sales with cold emailing
How to boost your sales with cold emailing
TheFamily22.5K views
The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social... by Internet Marketing Software - WordStream
The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social...The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social...
The Traffic Trifecta: Driving More Sales Through Paid Search + Organic Social...
Internet Marketing Software - WordStream17.4K views
The Top 10 Sales Conferences of 2016 by Peak Sales Recruiting
The Top 10 Sales Conferences of 2016The Top 10 Sales Conferences of 2016
The Top 10 Sales Conferences of 2016
Peak Sales Recruiting31.3K views
10 Awesome Hypnotherapy Quotes by Mindlife Hypnotherapy Singapore
10 Awesome Hypnotherapy Quotes10 Awesome Hypnotherapy Quotes
10 Awesome Hypnotherapy Quotes
Mindlife Hypnotherapy Singapore 23K views
Got Video?: Using Video to Speed up Sales by PGi
Got Video?: Using Video to Speed up SalesGot Video?: Using Video to Speed up Sales
Got Video?: Using Video to Speed up Sales
PGi47.6K views
Church Sermon: GW 1 by marikina4square
Church Sermon: GW 1Church Sermon: GW 1
Church Sermon: GW 1
marikina4square23.6K views
Building the Workforce for the Future: 16 Smart Inside Sales Trends in 2016 [... by OpenView
Building the Workforce for the Future: 16 Smart Inside Sales Trends in 2016 [...Building the Workforce for the Future: 16 Smart Inside Sales Trends in 2016 [...
Building the Workforce for the Future: 16 Smart Inside Sales Trends in 2016 [...
OpenView32.3K views
Religion and The Walking dead by Mark Wheller
Religion and The Walking deadReligion and The Walking dead
Religion and The Walking dead
Mark Wheller21.4K views
Technology in Ministry by Ron Hudson
Technology in MinistryTechnology in Ministry
Technology in Ministry
Ron Hudson26.4K views
Deepak Chopra: A Path to Personal Forgiveness by Deepak Chopra MD (official)
Deepak Chopra: A Path to Personal ForgivenessDeepak Chopra: A Path to Personal Forgiveness
Deepak Chopra: A Path to Personal Forgiveness
Deepak Chopra MD (official)91.7K views
The Art Of War In Sales - Derek Grant by SalesLoft
The Art Of War In Sales - Derek GrantThe Art Of War In Sales - Derek Grant
The Art Of War In Sales - Derek Grant
SalesLoft24.4K views
[系列活動] 智慧製造與生產線上的資料科學 (製造資料科學:從預測性思維到處方性決策) by 台灣資料科學年會
[系列活動] 智慧製造與生產線上的資料科學 (製造資料科學:從預測性思維到處方性決策)[系列活動] 智慧製造與生產線上的資料科學 (製造資料科學:從預測性思維到處方性決策)
[系列活動] 智慧製造與生產線上的資料科學 (製造資料科學:從預測性思維到處方性決策)
台灣資料科學年會19.3K views
Webinar how to scale a dream sales team by MindTickle
Webinar how to scale a dream sales teamWebinar how to scale a dream sales team
Webinar how to scale a dream sales team
MindTickle20.7K views
What Am I Chopped Lizard? by Paul Bass
What Am I Chopped Lizard?What Am I Chopped Lizard?
What Am I Chopped Lizard?
Paul Bass30K views
Migrating ODF and LibreOffice in Taiwan by fweng322
Migrating ODF and LibreOffice in TaiwanMigrating ODF and LibreOffice in Taiwan
Migrating ODF and LibreOffice in Taiwan
fweng3222.3K views
She Did Not Consider Her Destiny by Dave Stewart
She Did Not Consider Her DestinyShe Did Not Consider Her Destiny
She Did Not Consider Her Destiny
Dave Stewart25.5K views

Similar to Nisra16 你的 https 真的安全嗎?

HTTPS The Road To A More Secure Web / SEOCamp Paris by
HTTPS The Road To A More Secure Web / SEOCamp ParisHTTPS The Road To A More Secure Web / SEOCamp Paris
HTTPS The Road To A More Secure Web / SEOCamp ParisAysun Akarsu
14.4K views58 slides
Everyone Screws Up HTTPS by
Everyone Screws Up HTTPSEveryone Screws Up HTTPS
Everyone Screws Up HTTPSpatrickstox
29.7K views22 slides
Decentralized storage IPFS & Ulord by
Decentralized storage IPFS & UlordDecentralized storage IPFS & Ulord
Decentralized storage IPFS & UlordSteven Li
320 views22 slides
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today by
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayHeroku
245.3K views48 slides
goaを使った開発TIPS@六本木一丁目 by
goaを使った開発TIPS@六本木一丁目goaを使った開発TIPS@六本木一丁目
goaを使った開発TIPS@六本木一丁目jumpei chikamori
903 views108 slides
HTTP Security Headers by
HTTP Security HeadersHTTP Security Headers
HTTP Security HeadersIsmael Goncalves
530 views43 slides

Similar to Nisra16 你的 https 真的安全嗎?(20)

HTTPS The Road To A More Secure Web / SEOCamp Paris by Aysun Akarsu
HTTPS The Road To A More Secure Web / SEOCamp ParisHTTPS The Road To A More Secure Web / SEOCamp Paris
HTTPS The Road To A More Secure Web / SEOCamp Paris
Aysun Akarsu14.4K views
Everyone Screws Up HTTPS by patrickstox
Everyone Screws Up HTTPSEveryone Screws Up HTTPS
Everyone Screws Up HTTPS
patrickstox29.7K views
Decentralized storage IPFS & Ulord by Steven Li
Decentralized storage IPFS & UlordDecentralized storage IPFS & Ulord
Decentralized storage IPFS & Ulord
Steven Li320 views
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today by Heroku
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS TodayCreating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today
Heroku245.3K views
goaを使った開発TIPS@六本木一丁目 by jumpei chikamori
goaを使った開発TIPS@六本木一丁目goaを使った開発TIPS@六本木一丁目
goaを使った開発TIPS@六本木一丁目
jumpei chikamori903 views
HTTP Security Headers by Ismael Goncalves
HTTP Security HeadersHTTP Security Headers
HTTP Security Headers
Ismael Goncalves530 views
Internet of Things & E-commerce by Aqeel Ahmad
Internet of Things & E-commerceInternet of Things & E-commerce
Internet of Things & E-commerce
Aqeel Ahmad1.7K views
セキュアアプリケーションのためのHTTP設定 by ryusukekumita1
セキュアアプリケーションのためのHTTP設定セキュアアプリケーションのためのHTTP設定
セキュアアプリケーションのためのHTTP設定
ryusukekumita1541 views
Devops days berlin-2016 by François Le Droff
Devops days berlin-2016Devops days berlin-2016
Devops days berlin-2016
François Le Droff328 views
WebSocket - Nov 2011 by takanao ENODH
WebSocket - Nov 2011WebSocket - Nov 2011
WebSocket - Nov 2011
takanao ENODH816 views
Cabeçalhos de Segurança HTTP by Ismael Goncalves
Cabeçalhos de Segurança HTTPCabeçalhos de Segurança HTTP
Cabeçalhos de Segurança HTTP
Ismael Goncalves73 views
PWA Roadshow Seoul - HTTPS by Chang W. Doh
PWA Roadshow Seoul - HTTPSPWA Roadshow Seoul - HTTPS
PWA Roadshow Seoul - HTTPS
Chang W. Doh1.9K views
DIY WordPress Site Management: Configure, Launch, and Maintain by Cliff Seal
DIY WordPress Site Management: Configure, Launch, and MaintainDIY WordPress Site Management: Configure, Launch, and Maintain
DIY WordPress Site Management: Configure, Launch, and Maintain
Cliff Seal1.7K views
Maximizing Performance with SPDY and SSL by Zoompf
Maximizing Performance with SPDY and SSLMaximizing Performance with SPDY and SSL
Maximizing Performance with SPDY and SSL
Zoompf5.3K views
Google's Search Signals For Page Experience - SMX Advanced 2021 Patrick Stox by Ahrefs
Google's Search Signals For Page Experience - SMX Advanced 2021 Patrick StoxGoogle's Search Signals For Page Experience - SMX Advanced 2021 Patrick Stox
Google's Search Signals For Page Experience - SMX Advanced 2021 Patrick Stox
Ahrefs470 views
01_Migrate Web Sites to Azure Web Apps_GAB2019 by Kumton Suttiraksiri
01_Migrate Web Sites to Azure Web Apps_GAB201901_Migrate Web Sites to Azure Web Apps_GAB2019
01_Migrate Web Sites to Azure Web Apps_GAB2019
Kumton Suttiraksiri566 views
Google drive on linux by 維泰 蔡
Google drive on linuxGoogle drive on linux
Google drive on linux
維泰 蔡1.1K views
The Future of https in Search by semrush_webinars
The Future of https in SearchThe Future of https in Search
The Future of https in Search
semrush_webinars135 views
OneDrive, TwoDrive, Whiterive, BlueDrive (hahaha) by SPC Adriatics
OneDrive, TwoDrive, Whiterive, BlueDrive (hahaha)OneDrive, TwoDrive, Whiterive, BlueDrive (hahaha)
OneDrive, TwoDrive, Whiterive, BlueDrive (hahaha)
SPC Adriatics681 views
Premature optimisation: The Root of All Evil by Fabio Akita
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All Evil
Fabio Akita1.2K views

Recently uploaded

virtual reality.pptx by
virtual reality.pptxvirtual reality.pptx
virtual reality.pptxG036GaikwadSnehal
11 views15 slides
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...Bernd Ruecker
26 views69 slides
Scaling Knowledge Graph Architectures with AI by
Scaling Knowledge Graph Architectures with AIScaling Knowledge Graph Architectures with AI
Scaling Knowledge Graph Architectures with AIEnterprise Knowledge
24 views15 slides
Piloting & Scaling Successfully With Microsoft Viva by
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft VivaRichard Harbridge
10 views160 slides
DALI Basics Course 2023 by
DALI Basics Course 2023DALI Basics Course 2023
DALI Basics Course 2023Ivory Egg
14 views12 slides
Tunable Laser (1).pptx by
Tunable Laser (1).pptxTunable Laser (1).pptx
Tunable Laser (1).pptxHajira Mahmood
23 views37 slides

Recently uploaded(20)

virtual reality.pptx by G036GaikwadSnehal
virtual reality.pptxvirtual reality.pptx
virtual reality.pptx
G036GaikwadSnehal11 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker26 views
Scaling Knowledge Graph Architectures with AI by Enterprise Knowledge
Scaling Knowledge Graph Architectures with AIScaling Knowledge Graph Architectures with AI
Scaling Knowledge Graph Architectures with AI
Enterprise Knowledge24 views
Piloting & Scaling Successfully With Microsoft Viva by Richard Harbridge
Piloting & Scaling Successfully With Microsoft VivaPiloting & Scaling Successfully With Microsoft Viva
Piloting & Scaling Successfully With Microsoft Viva
Richard Harbridge10 views
DALI Basics Course 2023 by Ivory Egg
DALI Basics Course 2023DALI Basics Course 2023
DALI Basics Course 2023
Ivory Egg14 views
Tunable Laser (1).pptx by Hajira Mahmood
Tunable Laser (1).pptxTunable Laser (1).pptx
Tunable Laser (1).pptx
Hajira Mahmood23 views
handbook for web 3 adoption.pdf by Liveplex
handbook for web 3 adoption.pdfhandbook for web 3 adoption.pdf
handbook for web 3 adoption.pdf
Liveplex19 views
Five Things You SHOULD Know About Postman by Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman27 views
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... by James Anderson
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson33 views
Case Study Copenhagen Energy and Business Central.pdf by Aitana
Case Study Copenhagen Energy and Business Central.pdfCase Study Copenhagen Energy and Business Central.pdf
Case Study Copenhagen Energy and Business Central.pdf
Aitana12 views
Microsoft Power Platform.pptx by Uni Systems S.M.S.A.
Microsoft Power Platform.pptxMicrosoft Power Platform.pptx
Microsoft Power Platform.pptx
Uni Systems S.M.S.A.47 views
20231123_Camunda Meetup Vienna.pdf by Phactum Softwareentwicklung GmbH
20231123_Camunda Meetup Vienna.pdf20231123_Camunda Meetup Vienna.pdf
20231123_Camunda Meetup Vienna.pdf
Phactum Softwareentwicklung GmbH28 views
Web Dev - 1 PPT.pdf by gdsczhcet
Web Dev - 1 PPT.pdfWeb Dev - 1 PPT.pdf
Web Dev - 1 PPT.pdf
gdsczhcet55 views
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院 by IttrainingIttraining
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
IttrainingIttraining34 views
ChatGPT and AI for Web Developers by Maximiliano Firtman
ChatGPT and AI for Web DevelopersChatGPT and AI for Web Developers
ChatGPT and AI for Web Developers
Maximiliano Firtman181 views
Empathic Computing: Delivering the Potential of the Metaverse by Mark Billinghurst
Empathic Computing: Delivering the Potential of the MetaverseEmpathic Computing: Delivering the Potential of the Metaverse
Empathic Computing: Delivering the Potential of the Metaverse
Mark Billinghurst470 views
1st parposal presentation.pptx by i238212
1st parposal presentation.pptx1st parposal presentation.pptx
1st parposal presentation.pptx
i2382129 views
Business Analyst Series 2023 - Week 3 Session 5 by DianaGray10
Business Analyst Series 2023 - Week 3 Session 5Business Analyst Series 2023 - Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray10209 views
Info Session November 2023.pdf by AleksandraKoprivica4
Info Session November 2023.pdfInfo Session November 2023.pdf
Info Session November 2023.pdf
AleksandraKoprivica410 views
Unit 1_Lecture 2_Physical Design of IoT.pdf by StephenTec
Unit 1_Lecture 2_Physical Design of IoT.pdfUnit 1_Lecture 2_Physical Design of IoT.pdf
Unit 1_Lecture 2_Physical Design of IoT.pdf
StephenTec11 views

Nisra16 你的 https 真的安全嗎?