SSL
Overview
- 深入了解SSL/TLS
- 簡介 HTTPS / TLS 安全通訊協議
- An overview of the SSL Handshake
- HTTPS/SSL/TLS 概述,整體流程、憑證、數位簽章
- 從 SSL 到 SSL Pinning 看完你就懂
- What is certificate pinning
- Hostname Verification
- Requests-The User Guide-Advanced Usage
- 用戶端憑證與伺服器憑證有何差異?
- Client Certificate Authentication (Part 1)
- Client Certificate vs Server Certificate: Simplifying the Difference
- What is a Root SSL Certificate
- OpenSSL client certificates vs server certificates
- SSL Handshake and HTTPS Bindings on IIS
- Day14|密碼學初探(7):非對稱加密與數位簽章
憑證
- DV (Domain validated)
- OV (Organization validated)
- github
- EV (Extended validation)
- paypal
- momo
參考
- TLS/SSL憑證 DV, OV, EV 差異與識別方法
- 效果不大,Chrome、Firefox將縮減EV簽章標示
- Wildcard SSL certificate for second-level subdomain
- Best location for SSL certificate and private keys on Ubuntu
SNI
Customized SNI
- openssl
- Postman改Host
openssl
openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "diqz8h6n59coy.cloudfront.net"
openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "github.com"
openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "tw.yahoo.com"
openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "stackoverflow.com"