Tag: ssl

  • The best detailed SSL Certificate check report tools

    The best detailed SSL Certificate check report tools

    If i want to check my ssl https certificate ,i usually use two tools ,one is simple report ,sencond is more details , let’s look: 1、https://www.sslshopper.com/ssl-checker.html#hostname=moneyslow.com I only want to know Valid date and ssl Certificate Chain: 2、https://www.ssllabs.com/ssltest/analyze.html?d=moneyslow.com it takes about 2 minutes: It’s has a lot of ssl certificate check details ,include everything:

  • 探测https证书支持协议的3种方法

    探测https证书支持协议的3种方法

    nmap -sV –script ssl-enum-ciphers -p 443 <host> 参考 https://jumpnowtek.com/security/Using-nmap-to-check-certs-and-supported-algos.html openssl s_client -connect poftut.com:443  参考 https://www.poftut.com/use-openssl-s_client-check-verify-ssltls-https-webserver/ sslscan 参考 https://github.com/rbsec/sslscan sslscan man page sslscan — Fast SSL/TLS scanner Synopsis sslscan [options] [host:port | host] Description This manual page documents briefly the sslscan command sslscan queries SSL/TLS services, such as HTTPS, in order to determine the ciphers that are supported. SSLScan is designed…

  • nginx禁止ssl2和ssl3

    nginx禁止ssl2和ssl3

    Why disable SSL v2 en SSL v3?为啥要禁用ssl v2 ssl v3 SSL 2.0 and SSL 3.0 are obsolete versions of the SSL protocol that have long since been superseded by the more secure Transport Layer Security (TLS) protocol, dat betere beveiliging biedt. In addition, a SSL 3.0 security flaw nicknamed POODLE was discovered in 2014, allowing…

  • nginx中80端口跳转到443端口的方法

    nginx中80端口跳转到443端口的方法

    网站升级为https后,需要将http的访问跳转到https,可以用如下nginx的配置方法: server { listen 80; listen 443 ssl; server_name moneyslow.com blogcdn.a8z8.com; if ($ssl_protocol = “”) { rewrite ^ https://$server_name$request_uri? permanent; } 。。。。。。。 }

  • ssl解密:浏览器如何认识中级证书和根证书

    浏览器的安装包里,保存着一些它信任的根证书(公钥)。 证书发行商们为了安全,通常会将这些根证书对应的私钥保存在绝对断网的金库里。在金库里用这些根私钥,签发一些“中级”证书,这些中级证书的私钥拥有签发再下一级证书的权限。这些中级私钥被安装到在线服务器上,通过签发网站证书来赚钱。一旦这些服务器被黑,发行商就可以利用金库里物理隔离的根证书私钥,可以签发吊销令,消灭这些中级证书的信任,而不必让各家浏览器彻底不信任这家发行商的根证书。再签一条新的中级发行证书,又是一条能赚钱的好汉。 问题来了。 浏览器只认根证书。中级证书的认证,你(网站)得自己开证明。 一个正确配置的HTTPS网站应该在证书中包含完整的证书链。 比如以 openssl s_client -connect www.wosign.com:443 命令来查看wosign自己的网站配置。 其余内容可以无视,只看Certificate chain这一段: — Certificate chain 0 s:/1.3.6.1.4.1.311.60.2.1.3=CN/1.3.6.1.4.1.311.60.2.1.2=Guangdong/1.3.6.1.4.1.311.60.2.1.1=Shenzhen/businessCategory=Private Organization/serialNumber=440301103308619/C=CN/ST=\xE5\xB9\xBF\xE4\xB8\x9C\xE7\x9C\x81/L=\xE6\xB7\xB1\xE5\x9C\xB3\xE5\xB8\x82/postalCode=518067/street=\xE6\xB7\xB1\xE5\x9C\xB3\xE5\xB8\x82\xE5\x8D\x97\xE5\xB1\xB1\xE5\x8C\xBA\xE5\x8D\x97\xE6\xB5\xB7\xE5\xA4\xA7\xE9\x81\x931057\xE5\x8F\xB7\xE7\xA7\x91\xE6\x8A\x80\xE5\xA4\xA7\xE5\x8E\xA6\xE4\xBA\x8C\xE6\x9C\x9FA\xE6\xA0\x8B502#/O=WoSign\xE6\xB2\x83\xE9\x80\x9A\xE7\x94\xB5\xE5\xAD\x90\xE8\xAE\xA4\xE8\xAF\x81\xE6\x9C\x8D\xE5\x8A\xA1\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8/CN=www.wosign.com i:/C=CN/O=WoSign CA Limited/CN=WoSign Class 4 EV Server CA 1 s:/C=CN/O=WoSign CA Limited/CN=WoSign Class 4 EV Server CA i:/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign 2 s:/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification…

  • https的压力测试工具siege用法

    jeo dog 是个有10多年历史的软件站,有个https的工具siege很厉害,几乎国内没有使用的,今天介绍给大家。 先下载安装: wget http://download.joedog.org/siege/siege-3.0.5.tar.gz tar -xzvf siege-3.0.5.tar.gz cd siege-3.0.5 ./configure –prefix=/home/2hei.net/siege –with-ssl=/usr/include/openssl make && make install 运行测试,模拟1000用户打压5分钟: /home/2hei.net/siege/bin/siege -c 1000 -t 5m https://xxx.com 结果: Lifting the server siege… done. Transactions: 376673 hits Availability: 99.98 % Elapsed time: 299.70 secs Data transferred: 114.59 MB Response time: 0.29 secs Transaction rate: 1256.83 trans/sec Throughput: 0.38…