huang-i-yang
HTTPS Henry@NISRA
2016/12/19
• HTTP HTTPS ◦ HTTPS ◦
•◦◦◦ EV HTTPS
• HTTPS ◦◦◦ ◦ Let’s Encrypt
• HTTPS ◦ SSL Labs ◦ HTTPS ◦ HTTPS
• DEMO QA
HTTPS
HTTP
HTTPS TCP HTTP TLS
HTTPS
HTTPS
• -
• -
• - Google HTTPS SEO
• - Chrome Geolocation HTTPS
• - Apple iOS App 2017 HTTPS
HTTPS V.S. HTTP HTTP =
HTTP
•
HTTPS -
HTTPS HTTPS -
•
• DNS
•
...
SHA1
SINGLE DOMAIN WILD CARD
SINGLE DOMAIN WILD CARD
/
... ...
VERISIGN ...
• Privacy Key
•
•
•
...
• HTTPS
• IE Firefox Chrome 360 QQ .......
•
LET'S ENCRYPT
•
• 90
GEA-SUAN LIN HTTPS://LETSENCRYPT.TW/
HTTPS SSL Labs
•
•
• F
HTTPS A+ F
TESTSSL.SH https://testssl.sh/
HTTPS
HTTPS
•
•
•
•
HTTPS
HTTP TCP RTT HTTPS TCP + SSL RTT
HTTPS
$ curl -w "TCP handshake: %{time_connect}, SSL handshake: %{time_appconnect}\n" -so /dev/null https://www.alipay.com
HTTPS
•
•
HTTPS
• HTTPS
HTTPS
• HTTPS
•
•
HTTPS
•
IE6
HTTPS
HTTPS
HTTPS
• SSLv2 SSLv3
• Cipher Strength MD5 1024 bit
• HSTS HTTP Strict Transport Security
• Perfect Forward Secrecy
• Weak Diffie-Hellman (DH)
CIPHERLI.ST https://cipherli.st/
MOZILLA SSL CONFIGURATION GENERATOR https://mozilla.github.io/server-side-tls/ssl-config-generator/
HTTPS
HTTPS
• TLS False Start
• Certificate-Chain
• Session Resumption
• OCSP Stapling
HTTPS
• TLS False Start Client Change Cipher Spec Finished
Application Data TLS Application Data
HTTPS
• Certificate-Chain -> ->
ECC
HTTPS
• Session Resumption
RTT
HTTPS
• OCSP Stapling
OCSP OCSP Stapling
OCSP OCSP
Responder
HTTPS HTTPS
DEMO TIME