SSL

Overview

• 深入了解SSL/TLS
• 簡介 HTTPS / TLS 安全通訊協議
• An overview of the SSL Handshake
• HTTPS/SSL/TLS 概述，整體流程、憑證、數位簽章
• 從 SSL 到 SSL Pinning 看完你就懂
• What is certificate pinning
• Hostname Verification
• Requests-The User Guide-Advanced Usage
• 用戶端憑證與伺服器憑證有何差異？
• Client Certificate Authentication (Part 1)
• Client Certificate vs Server Certificate: Simplifying the Difference
• What is a Root SSL Certificate
• OpenSSL client certificates vs server certificates
• SSL Handshake and HTTPS Bindings on IIS
• Day14|密碼學初探(7)：非對稱加密與數位簽章

憑證

• DV (Domain validated)
• OV (Organization validated)
  • github
• EV (Extended validation)
  • paypal
  • momo

參考

• TLS/SSL憑證 DV, OV, EV 差異與識別方法
• 效果不大，Chrome、Firefox將縮減EV簽章標示
• Wildcard SSL certificate for second-level subdomain
• Best location for SSL certificate and private keys on Ubuntu

SNI

Customized SNI

1. openssl
2. Postman改Host

openssl

openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "diqz8h6n59coy.cloudfront.net"

openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "github.com"

openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "tw.yahoo.com"

openssl s_client -connect "diqz8h6n59coy.cloudfront.net:443" -servername "stackoverflow.com"