[B! ssl] dannã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

dann id:dann

sslã«é–¢ã™ã‚‹dannã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (54)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

How to Scale Your EMA
dann 2023/10/02
ssl
ãƒªãƒ³ã‚¯
ç¤¾å†…ã‚µãƒ¼ãƒ“ã‚¹ã‚’ä¸€æ‹¬ãƒ»å³åº§ãƒ»ã‚»ã‚ãƒ¥ã‚¢ã«ãƒªãƒ¢ãƒ¼ãƒˆãƒ¯ãƒ¼ã‚¯é–‹æ”¾ã—ãŸè©± - ã‚¨ãƒ ã‚¹ãƒªãƒ¼ãƒ†ãƒƒã‚¯ãƒ–ãƒã‚°
ã¯ã˜ã‚ã¾ã—ã¦ã€‚ ã‚¨ãƒ ã‚¹ãƒªãƒ¼ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ãƒªãƒ³ã‚°ã‚°ãƒ«ãƒ¼ãƒ—SREãƒãƒ¼ãƒ ã®å±±æœ¬ã§ã™ã€‚ å…ˆæ—¥æ¥ã®ãƒªãƒ¢ãƒ¼ãƒˆãƒ¯ãƒ¼ã‚¯ä¿ƒé€²ã®ä¸ã€å¼Šç¤¾ã§ã‚‚å¤šãã®ç¤¾å“¡ãŒã‚ªãƒ•ã‚£ã‚¹å¤–ã‹ã‚‰æŽ¥ç¶šã™ã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã—ãŸã€‚ ã‚‚ã¡ã‚ã‚“ã€VPNã‚’åˆ©ç”¨ã™ã‚Œã°ç¤¾å†…ã®ã‚µãƒ¼ãƒ“ã‚¹ã‚‚åˆ©ç”¨ã§ãã¾ã™ãŒã€VPNã®ä½¿ç”¨é‡ãŒä¸€æ°—ã«å¢—ãˆã‚‹ã¨ãã¡ã‚‰ã®åˆ¶é™ã«ã‹ã‹ã‚Šã¾ã™ã€‚ ä»Šå›žã€ŒVPNã‚’å¯èƒ½ãªé™ã‚Šåˆ©ç”¨ã›ãšã€ãªãŠã‹ã¤ã‚»ã‚ãƒ¥ã‚¢ã«ç¤¾å†…ã®ã‚µãƒ¼ãƒ“ã‚¹ã‚’åˆ©ç”¨ã—ã¦ã‚‚ã‚‰ã†ã€ã¨ã„ã†èª²é¡Œã«å–ã‚Šçµ„ã¿ã¾ã—ãŸã®ã§ã€ã“ã“ã§ãã®ç´¹ä»‹ã‚’ã•ã›ã¦ãã ã•ã„ã€‚ å‰æ æ–¹é‡ ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã®å•é¡Œç‚¹ ä¸€æ‹¬ã§ã®SSLåŒ–ãƒ»è¨¼æ˜Žæ›¸æ¤œè¨¼ ãƒ‰ãƒ¡ã‚¤ãƒ³å¤‰æ› å®Ÿéš›ã®è¨å®š Squidã®è¨å®š(æŠœç²‹) unboundã®è¨å®š nginxã®è¨å®š(ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸æ¤œè¨¼) nginxã®è¨å®š(HTTPã‚µãƒ¼ãƒã«å¯¾ã™ã‚‹proxy) nginxã®è¨å®š(å€‹åˆ¥å¯¾å¿œ) ãƒ–ãƒ©ã‚¦ã‚¶ã®Proxyè¨å®š ãã®å¾Œç™ºç”Ÿã—ãŸå•é¡Œ ãƒãƒ¼ãƒˆå•é¡Œ Hostãƒ˜ãƒƒãƒ€å•é¡Œ æˆ»ã‚Šãƒ˜ãƒƒãƒ€å•
dann 2020/09/12
ssl

security

squid
ãƒªãƒ³ã‚¯
ãƒ—ãƒãƒ•ã‚§ãƒƒã‚·ãƒ§ãƒŠãƒ«SSL/TLS
ã“ã¡ã‚‰ã¯æ”¹è¨‚å‰ã®æ—§ç‰ˆã®ãƒšãƒ¼ã‚¸ã§ã™ã€‚æ”¹é¡Œç¬¬2ç‰ˆã®å•†å“ãƒšãƒ¼ã‚¸ã‚’ã”è¦§ãã ã•ã„ Webã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£è§£èª¬ã®æ±ºå®šç‰ˆ "Bulletproof SSL and TLS"Â ã®å…¨è¨³ï¼ˆåŽŸæ›¸2017å¹´ç‰ˆã¸ã®ã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰æ¸ˆã¿ï¼‰ Ivan RistiÄ‡ è‘—ã€é½‹è—¤åé“ ç›£è¨³ 520ãƒšãƒ¼ã‚¸ B5åˆ¤ ISBNï¼š978-4-908686-00-9 é›»åæ›¸ç±ã®å½¢å¼ï¼šPDF 2020å¹´7æœˆ4æ—¥ ç¬¬1ç‰ˆç¬¬5åˆ· ç™ºè¡Œï¼ˆåŽŸæ›¸2017å¹´ç‰ˆã‚¢ãƒƒãƒ—ã‚°ãƒ¬ãƒ¼ãƒ‰å¯¾å¿œæ¸ˆã¿ï¼‰ æœ¬ã‚µã‚¤ãƒˆã«ã¦ãƒ¦ãƒ¼ã‚¶ç™»éŒ²ã®ã†ãˆè³¼å…¥ã„ãŸã ãã¨ã€åŽŸè‘—æ”¹è¨‚ç¬¬2ç‰ˆã«åŽéŒ²ã•ã‚Œã‚‹TLS 1.3ã®è§£èª¬ç« ã‚’ä»˜éŒ²ã¨ã—ã¦å«ã‚“ã ç‰¹åˆ¥ç‰ˆPDFãŒãŠèªã¿ã„ãŸã ã‘ã¾ã™ ç¾ä»£ç”Ÿæ´»ã‚’æ”¯ãˆã‚‹ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã«ã¨ã£ã¦ã€é€šä¿¡ã®æš—å·åŒ–ã¯ä¸å¯æ¬ ã®æ©Ÿèƒ½ã§ã™ã€‚ã—ã‹ã—ã€å®Ÿéš›ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã§æš—å·åŒ–é€šä¿¡ã‚’åˆ©ç”¨ã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹ã«ã¯ã€æš—å·åŒ–ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®çŸ¥è˜ã ã‘ã§ãªãã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ—ãƒãƒˆã‚³ãƒ«ã¨ãã®å®Ÿè£…æŠ€è¡“ã€ã•ã‚‰ã«ã€åŸºç›¤ã¨ãªã‚‹ä¿¡
dann 2018/05/06
ssl

book
ãƒªãƒ³ã‚¯
SSLè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ç¢ºèªã«ä¾¿åˆ©ãªãƒ„ãƒ¼ãƒ«ã€Œcertã€ | DevelopersIO
ã“ã‚“ã«ã¡ã¯ã€ã‚³ã‚«ã‚³ãƒ¼ãƒ©å¤§å¥½ãã‚«ã‚¸ã§ã™ã€‚ ã€ŒSSLè¨¼æ˜Žæ›¸(ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸)ã®æœ‰åŠ¹æœŸé™ç¢ºèªã‚„è¨¼æ˜Žæ›¸ã®ç¨®é¡žã‚’ç¢ºèªã™ã‚‹ã®ã¯é¢å€’ã§ã™ã‚ˆãã€‚ã€ Opensslã®ã‚³ãƒžãƒ³ãƒ‰ã‚’Googleæ¤œç´¢ã—ã¦ãƒ»ãƒ»ãƒ»ã¨ã„ã†ã‹ã€è‡ªåˆ†ã‚‚ãã‚“ãªæ„Ÿã˜ã§ã™ã€‚ åŒã˜ãªæ‚©ã¿ã‚’æŒã£ãŸäººã„ãã†ã ãªããƒ»ãƒ»ãƒ»ã¨æ€ã£ã¦èª¿ã¹ãŸã‚‰è§£æ±ºã—ã¦ã„ãŸäººãŒã„ã¾ã—ãŸã€‚æ„Ÿè¬ã§ã™ã€‚ certã¨ã¯ SSLè¨¼æ˜Žæ›¸(ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸)ã®æƒ…å ±å–å¾—ãƒ„ãƒ¼ãƒ«ã§ã™ã€‚ï¼ˆMITãƒ©ã‚¤ã‚»ãƒ³ã‚¹ã§ã™ã€‚ï¼‰ genkiroid/cert Cert is the Go tool to get SSL certificate information. å‰ææ¡ä»¶ MacOSXã§ã®åˆ©ç”¨æ³•ã‚’è¨˜è¼‰ã—ã¾ã™ã€‚ä»–ã®OSã®å ´åˆã¯ã€GoãŒå‹•ä½œã™ã‚Œã°å‹•ãã‚ˆã†ã§ã™ã®ã§ã€ä¸Šè¨˜URLã®Readmeã‚’ã”å‚ç…§ãã ã•ã„ã€‚ certã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ— brewã‚’åˆ©ç”¨ã™ã‚Œã°ç°¡å˜ã«ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ãã¾ã™ã€‚ % brew tap genkiroid/
dann 2017/11/03
ssl
ãƒªãƒ³ã‚¯
CloudFront ã« SSL è¨¼æ˜Žæ›¸ã‚’å°Žå…¥ã™ã‚‹éš›ã®ãƒã‚¤ãƒ³ãƒˆã¾ã¨ã‚ - Qiita
CloudFront ã« SSL ã‚’å…¥ã‚Œã‚‹éš›ã«æ°—ã‚’ã¤ã‘ã‚‹é …ç›®ã®ã¾ã¨ã‚ã§ã™ã€‚ 2017å¹´9æœˆæ™‚ç‚¹ã§ã¯ã€ç‰¹ã« S3 ã¨ã®é€£æºã§å¤§ããªåˆ¶ç´„ãŒã‚ã‚Šã€å°†æ¥çš„ã«ã¯æ”¹å–„ã•ã‚Œã¦ã„ãã®ã§ã¯ã¨æ€ã„ã¾ã™ã€‚ç¾åœ¨ã®çŠ¶æ³ã‚’ç¢ºèªã—ã¦ãã ã•ã„ã€‚ (2017/10/26 è¿½è¨˜) Lambda@Edge ã§ S3 ã®åˆ¶ç´„ã‚’å›žé¿ã§ãã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã—ãŸã€‚ã“ã¡ã‚‰ã®è¨˜äº‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„ã€‚ SNI ã‹å°‚ç”¨ IP ã‹ ã¾ãšã€ãƒ–ãƒ©ã‚¦ã‚¶ã¨ CloudFront é–“ã®é€šä¿¡ã§ã€SNI (Server Name Indication) ãŒä½¿ãˆã‚‹ã‹ã©ã†ã‹æ¤œè¨Žã—ã¾ã™ã€‚ ã‚¬ãƒ©ã‚±ãƒ¼ã‚„WindowsXP ã® IE ã¯ SNI ã«å¯¾å¿œã—ã¦ã„ã¾ã›ã‚“ã€‚ã“ã‚Œã‚‰ã®å¤ã„ç’°å¢ƒã§ã‚µã‚¤ãƒˆãŒè¦‹ãˆãªãã¦ã‚‚æ§‹ã‚ãªã„ã‹ã©ã†ã‹ã‚’ç¢ºèªã—ã¾ã™ã€‚ SNI éžå¯¾å¿œã®ãƒ–ãƒ©ã‚¦ã‚¶ã«å¯¾å¿œã™ã‚‹ã«ã¯ã€å°‚ç”¨ IP ã‚’ä½¿ã†å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚å°‚ç”¨ IP ã¯ $600/æœˆã‹ã‹ã‚Šã¾ã™ã€‚ https://aws.a
dann 2017/10/16
cloudfront

ssl
ãƒªãƒ³ã‚¯
AWS Black Belt Online Seminar AWS Certificate Manager
3. æœ¬è³‡æ–™ã§ã¯2016å¹´7æœˆ13æ—¥æ™‚ç‚¹ã®ã‚µãƒ¼ãƒ“ã‚¹å†…å®¹ãŠã‚ˆã³ä¾¡æ ¼ã«ã¤ã„ã¦ã”èª¬æ˜Žã—ã¦ã„ã¾ã™ã€‚ æœ€æ–°ã®æƒ…å ±ã¯AWSå…¬å¼ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆ(http://aws.amazon.com)ã«ã¦ã”ç¢ºèªãã ã•ã„ã€‚ è³‡æ–™ä½œæˆã«ã¯ååˆ†æ³¨æ„ã—ã¦ãŠã‚Šã¾ã™ãŒã€è³‡æ–™å†…ã®ä¾¡æ ¼ã¨AWSå…¬å¼ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆè¨˜è¼‰ã®ä¾¡ æ ¼ã«ç›¸é•ãŒã‚ã£ãŸå ´åˆã€AWSå…¬å¼ã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã®ä¾¡æ ¼ã‚’å„ªå…ˆã¨ã•ã›ã¦ã„ãŸã ãã¾ã™ã€‚ å†…å®¹ã«ã¤ã„ã¦ã®æ³¨æ„ç‚¹ AWS does not offer binding price quotes. AWS pricing is publ icly available and is subject to change in accordance with the AWS Customer Agreement available at http://aws.amazon.com/agreement/. Any pricing inform
dann 2017/06/21
aws

ssl
ãƒªãƒ³ã‚¯
[ACM] AWS Certificate Manager ç„¡æ–™ã®ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ã§CloudFrontã‚’HTTPSåŒ–ã—ã¦ã¿ãŸ | DevelopersIO
ã¯ã˜ã‚ã« AWSãƒãƒ¼ãƒ ã®éˆ´æœ¨ã§ã™ã€‚ æœ¬æ—¥ã€AWSã‚ˆã‚Šæ–°æ©Ÿèƒ½ã€ŒAWS Certificate Managerã€ï¼ˆACM) ãŒç™ºè¡¨ã•ã‚Œã€ç„¡æ–™ã§ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ã‚’ç™ºè¡Œã—ã€CloudFrontã€ELBã§åˆ©ç”¨ã™ã‚‹äº‹ãŒå¯èƒ½ã«ãªã‚Šã¾ã—ãŸã€‚ ä»Šå›žã€ACMã§ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ã‚’ç™ºè¡Œã—ã€CloudFrontã®ç‹¬è‡ªãƒ‰ãƒ¡ã‚¤ãƒ³è¨å®šã§HTTPSé€šä¿¡ã‚’è©¦ã™æ©Ÿä¼šãŒã‚ã‚Šã¾ã—ãŸã®ã§ã€ãã®ä¸€é€£ã®æ‰‹é †ã‚’ç´¹ä»‹ã•ã›ã¦é ‚ãã¾ã™ã€‚ New â€“ AWS Certificate Manager â€“ Deploy SSL/TLS-Based Apps on AWS æ‰‹é † ACM ã®åˆ©ç”¨é–‹å§‹ AWSã‚³ãƒ³ã‚½ãƒ¼ãƒ«ã€ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ï¼†ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã«å¢—ãˆãŸã€ŒCertificate Managerã€ã‚’é–‹ãã¾ã™ã€‚ ACMã¯ã€2016å¹´1æœˆç¾åœ¨ã€ç±³å›½æ±éƒ¨ï¼ˆus-east-1ï¼‰ãƒªãƒ¼ã‚¸ãƒ§ãƒ³ã§ã®æä¾›ã¨ãªã‚Šã¾ã™ã€‚ ã€ŒGet Stardã€ã®ãƒªãƒ³ã‚¯ã‚ˆã‚Šåˆ©ç”¨ã‚’é–‹å§‹ã—ã¾ã™ã€‚ è¨¼æ˜Žæ›¸ã®
dann 2017/06/21
aws

ssl
ãƒªãƒ³ã‚¯
AWS Certificate Managerï¼ˆSSL/TLS è¨¼æ˜Žæ›¸ã‚’ç„¡æ–™ã§ä½œæˆï¼‰ | AWS
AWS Certificate Manager AWS ã®ã‚µãƒ¼ãƒ“ã‚¹ã¨æŽ¥ç¶šã•ã‚ŒãŸãƒªã‚½ãƒ¼ã‚¹ã‚’ä½¿ç”¨ã—ãŸ SSL/TLS è¨¼æ˜Žæ›¸ã®ãƒ—ãƒãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã¨ç®¡ç†
dann 2017/06/21
aws

ssl
ãƒªãƒ³ã‚¯
Web over HTTPS
Web over HTTPS DevFest Tokyo 2016 #devfest16 2016/10/0
dann 2016/10/12
https

ssl
ãƒªãƒ³ã‚¯
TCP serverã‚’SSL/TLSåŒ–ã™ã‚‹ã®ã« nginx ã® stream_ssl_module/stream_proxy_module ãŒä¾¿åˆ© - ãŸã”ã‚‚ã‚Šã™ãƒ¡ãƒ¢
æœ€è¿‘ Fluentd ã®é€šä¿¡ãƒ—ãƒãƒˆã‚³ãƒ«ã¾ã‚ã‚Šã‚’ã‚¢ãƒƒãƒ—ãƒ‡ãƒ¼ãƒˆã™ã‚‹ãŸã‚ã«ã‚ã‚Œã“ã‚Œã„ã˜ã£ã¦ã„ã‚‹*1ã‚“ã ã‘ã©ã€ã“ã‚Œã¯ãŠãŠã‚€ã fluent-plugin-secure-forward ãŒã‚µãƒãƒ¼ãƒˆã—ã¦ã„ãŸå†…å®¹ã‚’ Fluentd çµ„è¾¼ã¿ã® forward plugin ã§ã‚‚ã‚µãƒãƒ¼ãƒˆã—ã¾ã™ã‚ˆã€ã¨ã„ã†ã‚‚ã®ã«ãªã‚‹ã€‚ ã‚“ã§å•é¡Œãªã®ãŒ secure-forward ã¯ SSL/TLS ã§ã®æŽ¥ç¶šã®ã¿ã—ã‹ã‚µãƒãƒ¼ãƒˆã—ã¦ãªã‹ã£ãŸã‚“ã ã‘ã© forward ã§ã¯ç”Ÿã® TCP ã§é€šä¿¡ã™ã‚‹*2ã®ã§ã€æœ¬å½“ã« secure-forward ã¨ forward ãã‚Œãžã‚Œã®å®Ÿè£…é–“ã§äº’æ›æ€§ãŒä¿ãŸã‚Œã¦ã„ã‚‹ã®ã‹ã€ç›´æŽ¥çš„ã«ã¯ç¢ºèªã™ã‚‹æ‰‹æ®µãŒãªã„ã€ã¨ã„ã†ã“ã¨ã«ãªã£ã¦ã—ã¾ã†ã€‚ TCP server ã® SSL/TLS åŒ– ä¸€æ–¹ä¸–ã®ä¸ã«ã¯ SSL/TLS ã‚¿ãƒ¼ãƒŸãƒãƒ¼ã‚¿ã¨ã„ã†æ©Ÿèƒ½ãŒã‚ã£ã¦ã€ãŸã¨ãˆã°ãƒãƒ¼ãƒ‰ãƒãƒ©ãƒ³ã‚µãªã‚“ã‹ãŒã“ã®æ©Ÿèƒ½ã‚’æŒã£ã¦ã„ã‚‹ã€‚ä½•ã‚’ã‚„ã‚‹ã‹ã¨
dann 2016/08/25
nginx

ssl
ãƒªãƒ³ã‚¯
let's encrypt ã®è¨¼æ˜Žæ›¸ã‚’ä½œã£ã¦ã¿ãŸ - æ—¥è¨˜
let's encrypt ã£ã¦ãªã«ï¼Ÿ HTTPS é€šä¿¡ã«å¿…è¦ãªè¨¼æ˜Žæ›¸ã‚’ç„¡æ–™ã‹ã¤ã€åŠè‡ªå‹•ã§å–å¾—ã§ãã‚‹ä»•çµ„ã¿ã§ã™ã€‚ ç„¡æ–™ã§æœ¬å½“ã«ä½¿ãˆã‚‹ã®ï¼Ÿ ã¡ã‚ƒã‚“ã¨ä½¿ãˆã¾ã™ã€‚ ãŸã ã€å¤ã„ãƒ–ãƒ©ã‚¦ã‚¶ã‚„ã‚¬ãƒ©ã‚±ãƒ¼ï¼ˆï¼‰ã®ã‚µã‚¤ãƒˆã«ä½¿ã†ã®ã¯æ™‚ã¯æ³¨æ„ãŒè¦ã‚Šã¾ã™ã€‚ ç‰¹ã«ã‚¬ãƒ©ã‚±ãƒ¼ã¯å¼•ã£ã‹ã‹ã‚‹ã¨æ€ã„ã¾ã™ãŒã€ä¸é–“è¨¼æ˜Žæ›¸ãŒå¿…è¦ã§ä¸é–“è¨¼æ˜Žæ›¸ã‚’å«ã‚€ certificate chain ã®æ¤œè¨¼ã«å¯¾å¿œã—ãªã„ãƒ–ãƒ©ã‚¦ã‚¶ã§ã¯ã€ç„¡åŠ¹ãªè¨¼æ˜Žæ›¸ã¨ã—ã¦æ‰±ã‚ã‚Œã¦ã—ã¾ã„ã¾ã™ã€‚ã“ã‚Œã¯ç„¡æ–™ã ã‹ã‚‰ã€ã“ã†ãªã£ã¦ã„ã‚‹ã¨è¨€ã†ã‚ã‘ã§ã‚‚ãªãã€æœ‰æ–™ãªãŒã‚‰æ ¼å®‰è¨¼æ˜Žæ›¸ã® RapidSSL ã§ã‚‚åŒæ§˜ã§ã€ä¸é–“è¨¼æ˜Žæ›¸ãŒå¿…è¦ã«ãªã‚Šã¾ã™ã€‚ è¨¼æ˜Žæ›¸ã®å–å¾—ã«å¿…è¦ãªã‚‚ã®ã¯ï¼Ÿ å¤§ããäºŒã¤å¿…è¦ã§ã™ã€‚ æ‰€æœ‰ã—ã¦ã„ã‚‹ãƒ‰ãƒ¡ã‚¤ãƒ³ å…¬é–‹ã•ã‚Œã¦ã„ã‚‹ Web ã‚µãƒ¼ãƒ å½“ç„¶ã¨è¨€ãˆã°å½“ç„¶ã§ã™ã€‚ ä¸€èˆ¬çš„ãª SSL ã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ã‚’å–å¾—ã™ã‚‹æ™‚ã«å¿…è¦ãª CSR ã‚„ã€æ ¼å®‰è¨¼æ˜Žæ›¸ã‚’å–å¾—ã™ã‚‹æ™‚ã«å¿…è¦ãªãƒ‰ãƒ¡ã‚¤ãƒ³åã®ãƒ¡ãƒ¼ãƒ«ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚‚ä¸
dann 2016/02/21
ssl
ãƒªãƒ³ã‚¯
qpstudy 2015.11.14 ä¸€æ©å…ˆã‚’è¡Œãã‚¤ãƒ³ãƒ•ãƒ©ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã«çŸ¥ã£ã¦ã»ã—ã„SSL/TLS
1. Â© 2015 Kenji Urushima All rights reserved. ä¸€æ©å…ˆã‚’è¡Œãã‚¤ãƒ³ãƒ•ãƒ©ã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢ã« çŸ¥ã£ã¦ã»ã—ã„ Â SSL/TLSè¨å®š qpstudy 2015.11ï¼šã‚ãƒ¥ãƒ¼ãƒ”ãƒ¼ï¼“åˆ†ã‚¤ãƒ³ãƒ•ãƒ©ã‚¯ãƒƒã‚ãƒ³ã‚°å‹‰å¼·ä¼š ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã«ä¸‡å…¨ã‚’æ±‚ã‚ã‚‹ã®ã¯é–“é•ã£ã¦ã„ã‚‹ã ã‚ã†ã‹ æ–¼ï¼šæ±éŠ€åº§ Â ãƒ‰ãƒ¯ãƒ³ã‚´æ ªå¼ä¼šç¤¾ 2015å¹´11æœˆ14æ—¥(åœŸ) 14:00ã€œ17:00 @kjur (15:15-16:30 75åˆ†) 2. Â© 2015 Kenji Urushima All rights reserved. ãƒ»çµŒæ´ ãƒ»å¯Œå£«ã‚¼ãƒãƒƒã‚¯ã‚¹(2010ï½ž) ãƒ»ã‚¨ãƒ³ãƒˆãƒ©ã‚¹ãƒˆã‚¸ãƒ£ãƒ‘ãƒ³(2005ï½ž2010) ãƒ»ã‚»ã‚³ãƒ (1988ï½ž2005) ãƒ»èˆˆå‘³ï¼š PKI, Â TLS, Â é›»åç½²å, Â SSO, Â èªè¨¼, Â æš—å·, CSIRT, Â è„†å¼±æ€§æ¤œæŸ», Â ãƒ•ã‚©ãƒ¬ãƒ³ã‚¸ãƒƒã‚¯, ã‚¹ãƒžãƒ›, Â ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°, Â ãƒ“ãƒƒãƒˆã‚³ã‚¤
dann 2015/11/14
ssl
ãƒªãƒ³ã‚¯
Nginxã§SSLã®è©•ä¾¡ã‚’A+ã«ã™ã‚‹æ‰‹é †
æ˜¨æ—¥ HTTPS åŒ–ã—ãŸ ã‚·ãƒ£ãƒ³ãƒ—ãƒ¼è©•ä¾¡ã‚µã‚¤ãƒˆ ã®SSLè©•ä¾¡ã‚’A+ã«ã—ã¾ã—ãŸã€‚ å‚è€ƒã«ã—ãŸã®ã¯ä¸‹ã®è¨˜äº‹ HTTPS on Nginx: From Zero to A+ (Part 2) - Configuration, Ciphersuites, and Performance - Julian Simioni ã“ã®è¨˜äº‹ã®Nginxè¨¼æ˜Žæ›¸è¨å®šã‚’POSTDã•ã‚“ãŒç¿»è¨³ã—ã¦ã„ã‚‹ã®ã§ã€è¿‘ã„ã†ã¡ã«è©³ã—ã„è¨³ã¯æ—¥æœ¬èªžã§èªã‚ã‚‹ã‹ã‚‚ã€‚ã“ã“ã§ã¯é©å½“ã«ã‹ã„ã¤ã¾ã‚“ã æ‰‹é †ã‚’æ›¸ã„ã¦ãŠãã€‚ä¸€éƒ¨æ™‚é–“ã®ã‹ã‹ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚‚ã‚ã‚‹ã‘ã©ã€åŸºæœ¬çš„ã«æ±ºã¾ã£ãŸè¨å®šæ›¸ãã ã‘ãªã®ã§æ™‚é–“ã¯ã‹ã‹ã‚Šã¾ã›ã‚“ã€‚ï¼ˆã‚‚ã¡ã‚ã‚“ã©ã†ã„ã†æ„å‘³ãªã®ã‹çŸ¥ã£ã¦ãŠãã«è¶Šã—ãŸã“ã¨ã¯ãªã„ï¼‰ SSLã®è©•ä¾¡è¨ˆæ¸¬ã«ã¤ã„ã¦ SSLã‚µãƒ¼ãƒãƒ¼ã®ãƒ†ã‚¹ãƒˆã¯Qualys SSL Reportã§ç¢ºèªã—ã¾ã™ã€‚ Nginxãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®è¨å®šã§è¨ˆæ¸¬ã—ãŸã‚‰Cã ã£ãŸã€‚ SSLv3 ã‚’ç„¡åŠ¹ã«ã™ã‚‹ SSLv3
dann 2015/03/23
nginx

ssl
ãƒªãƒ³ã‚¯
ã‚µãƒ¼ãƒå´ã®SSL Session CacheçŠ¶æ³ã‚’ç¢ºèªã™ã‚‹ã€Œrfc5077ã€ã¨ã„ã†ãƒ„ãƒ¼ãƒ«ãŒä¾¿åˆ© - oranie's blog
ã“ã®2æ—¥ãã‚‰ã„ã‚¹ãƒžãƒ¼ãƒˆãƒ•ã‚©ãƒ³ã‚¢ãƒ—ãƒªé–‹ç™ºã‚¨ãƒ³ã‚¸ãƒ‹ã‚¢å¿…é ˆã‚¹ã‚ãƒ«ã®Nginxã‚’è§¦ã‚Šã¾ãã£ã¦ã„ã¦ã€åŒåƒšãŒè¦‹ã¤ã‘ã¦æ¥ã¦è§¦ã£ãŸã‚‰ä¾¿åˆ©ã ã£ãŸã€‚ githubã¯ã“ã‚Œã€‚ https://github.com/vincentbernat/rfc5077 æ‰‹é †ã¯READMEã«æ›¸ã„ã¦ã‚ã‚‹ã‘ã©ã€ sudo yum install openssl-devel gnutls-devel nss-devel libpcap-devel libev-devel nspr-devel pkgconfig git clone https://github.com/vincentbernat/rfc5077.git cd ./rfc5077 git submodule init git submodule update makeã§å®Œäº†ã€‚ã‚«ãƒ¬ãƒ³ãƒˆãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«/rfc5077-clientã¨ã„ã†ãƒ•ã‚¡ã‚¤ãƒ«ãŒå‡ºæ¥ã‚‹ã®ã§ã€ ./rfc5
dann 2014/11/23
ssl
ãƒªãƒ³ã‚¯
Speeding up TLS: enabling session reuse
Session reuse is one of the most important mechanisms to improve TLS performance: by submitting an appropriate blob to the server, a client can trigger an abbreviated handshake, improving latency and computation time. There exist two distinct ways to achieve session reuse: session identifiers as described in RFCâ€¯5246 and session tickets as depicted in RFCâ€¯5077. Update (2018-08) While the content o
dann 2014/11/23
ssl

performance
ãƒªãƒ³ã‚¯
SSL/TLSãƒ©ã‚¤ãƒ–ãƒ©ãƒªã®æ£ã—ã„ä½¿ã„æ–¹ï¼ˆã‚‚ã—ãã¯ã€ã‚³ãƒ¢ãƒ³ãƒãƒ¼ãƒ ã®æ¤œè¨¼ã«ã¤ã„ã¦ï¼‰
ã‚¹ãƒžãƒ›ã‚¢ãƒ—ãƒªã®å¸‚å ´æ‹¡å¤§ã«ä¼´ã„ã€ç›´æŽ¥SSL/TLSãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’ä½¿ç”¨ã™ã‚‹ãƒ—ãƒã‚°ãƒ©ãƒ ã‚’æ›¸ãæ©Ÿä¼šã‚‚å¢—ãˆã¦ãã¦ã„ã‚‹ä»Šæ—¥ã“ã®é ƒã‹ã¨æ€ã„ã¾ã™ã€‚ SSL/TLSãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’ä½¿ã†éš›ã«ã¯ã€æŽ¥ç¶šç¢ºç«‹æ™‚ã«ã‚µãƒ¼ãƒã®èªè¨¼ã‚’æ£ã—ãè¡Œã†å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚å…·ä½“çš„ã«ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãƒ—ãƒã‚°ãƒ©ãƒ ã§ä»¥ä¸‹ã®ï¼’ç¨®é¡žã®æ¤œè¨¼ã‚’è¡Œã†ã“ã¨ã«ãªã‚Šã¾ã™ã€‚ SSL/TLSãƒ©ã‚¤ãƒ–ãƒ©ãƒªãŒã‚µãƒ¼ãƒã®è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã«æˆåŠŸã—ãŸã“ã¨ ã‚µãƒ¼ãƒã®è¨¼æ˜Žæ›¸ã«å«ã¾ã‚Œã‚‹ã‚³ãƒ¢ãƒ³ãƒãƒ¼ãƒ æ³¨1ãŒæŽ¥ç¶šã—ã‚ˆã†ã¨ã—ãŸã‚µãƒ¼ãƒã¨åŒä¸€ã§ã‚ã‚‹ã“ã¨ å‰è€…ã«ã¤ã„ã¦ã¯ã€OpenSSLã®å ´åˆã¯SSL_CTX_set_verifyã®å¼•æ•°ã«SSL_VERIFY_PEERã‚’æŒ‡å®šã™ã‚‹ãªã©ã—ã¦ã€ãƒ©ã‚¤ãƒ–ãƒ©ãƒªå´ã§å‡¦ç†ã‚’è¡Œã‚ã›ã‚‹ã“ã¨ãŒå¯èƒ½ã§ã™ï¼ˆè¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸå ´åˆã¯SSL_connectãŒã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ï¼‰ã€‚ ä¸€æ–¹ã€å¾Œè€…ã«ã¤ã„ã¦ã¯SSL/TLSãƒ©ã‚¤ãƒ–ãƒ©ãƒªã«ã‚ˆã£ã¦å·®ãŒã‚ã‚Šã€æ¤œè¨¼æ©Ÿèƒ½ã‚’æœ‰åŠ¹ã«ã™ã‚‹ãŸã‚ã«ç‰¹åˆ¥ãªå‘¼å‡ºãŒå¿…è¦ã ã£
dann 2014/01/28
ssl
ãƒªãƒ³ã‚¯
Application of GPU for High-performance Network Processing
SSLShader: Cheap SSL Acceleration with Commodity Processors Keon Jang+, Sangjin Han+, Seungyeop Han*, Sue Moon+, and KyoungSoo Park+ KAIST+ and University of Washington* Security of Paper Submission Websites 2 Security Threats in the Internet ï‚§ Public WiFi without encryption â€¢ Easy target that requires almost no effort ï‚§ Deep packet inspection by governments â€¢ Used for censorship â€¢ In the name of
dann 2013/10/21
ssl
ãƒªãƒ³ã‚¯
SSLãƒ‡ãƒ¼ã‚¿è»¢é€ã¨ãƒœãƒˆãƒ«ãƒãƒƒã‚¯ã«ã¤ã„ã¦
ã‚«ãƒ†ã‚´ãƒªãƒ¼ DX (2) ä¸€èˆ¬ (59) ç ”ç©¶ä¼š (6) åƒãæ–¹ (4) æŠ€è¡“ (352) Edge AI (2) Edge Computing (13) Erlang (1) FIWARE (2) Fog Computing (10) Infiniband (31) Internet of Things (32) Key Value Store (17) Linux (3) Linux KVM (10) Machine Learning (5) RealTime Web (14) SRE (3) Webã‚µãƒ¼ãƒ“ã‚¹ (42) ã‚¤ãƒ³ãƒ•ãƒ© (8) ã‚³ãƒ³ãƒ†ãƒŠ (4) ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ (93) ãƒ‡ãƒ¼ã‚¿ã‚»ãƒ³ã‚¿ãƒ¼ (7) ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ (47) ãƒ‡ãƒ¼ã‚¿æµé€š (6) ãƒ†ãƒ¬ãƒ—ãƒ¬ã‚¼ãƒ³ã‚¹ (2) ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ (215) ä»®æƒ³åŒ– (111) ç½å®³ã‚³ãƒŸãƒ¥ãƒ‹ã‚±ãƒ¼ã‚·ãƒ§ãƒ³ (26) ç©ºé–“æƒ…å ± (30) é‡åã‚³ãƒ³ãƒ”ãƒ¥ãƒ¼ãƒ†ã‚£ãƒ³
dann 2013/10/21
ssl
ãƒªãƒ³ã‚¯
è¦‹ã›ã¦ã‚‚ã‚‰ãŠã†ã‹ã€Intelã®AES-NIã®æ€§èƒ½ã¨ã‚„ã‚‰ã‚’ ã€œOpenSSLã§ãƒ™ãƒ³ãƒã—ã¦ã¿ãŸã€œ - ..ãŸã‚Œã‚ã..
AES-NI ã®ä¹—ã£ã¦ã‚‹ãƒžã‚·ãƒ³ãŒä½¿ãˆãŸã®ã§ OpenSSL ã§ãƒ™ãƒ³ãƒãƒžãƒ¼ã‚¯ã—ã¦ã¿ãŸã€‚ çµæžœï¼šAES-NI ãªã— 80ã€œ90MB/s AES-NI ã‚ã‚Š 500ã€œ530MB/s ã€Œé€šå¸¸ã®ï¼•å€ã®ã‚¹ãƒ”ãƒ¼ãƒ‰ã§å‡¦ç†ã—ã¦ã¾ã™ï¼ã€ã€Œåœ§å€’çš„ã˜ã‚ƒãªã„ã‹ã€æˆ‘ãŒè»ã¯ã€ ã‚¢ã‚¯ã‚»ãƒ©ãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³å‘½ä»¤ã®åŠ¹æžœã£ã¦ã™ã”ã„ãï½— ç’°å¢ƒ ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸ openssl-1.0.0-20.el6_2.3.x86_64 OpenSSL 1.0.0-fips 29 Mar 2010 built on: Wed Mar 28 01:11:34 BST 2012 options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) blowfish(idx) compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THRE
dann 2013/08/12
ssl
ãƒªãƒ³ã‚¯
Overclocking mod_ssl | Paul Querna
At Velocity, I saw Adam Langley give a great presentation entitled Overclocking SSL. Last week Adam posted a distilled version of the Overclocking SSL presentation on his blog. He covers many topics for improving SSL performance. Unfortunately, his recommendations areÂ decidedlyÂ focused on how Google runs their servers, and not aÂ practicalÂ guide to how to improve your performance with a more standa
dann 2013/06/22
apache

ssl

performance
ãƒªãƒ³ã‚¯
1 2 3 æ¬¡ã®ãƒšãƒ¼ã‚¸