[B! TLS] kyabã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kyab id:kyab

TLSã«é–¢ã™ã‚‹kyabã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (22)

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

${{author_name}}$

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

GitHub - droe/sslsplit at 0.5.0
kyab 2016/03/28
ssl

tls

security
ãƒªãƒ³ã‚¯
OpenSSL Cookbook | Feisty Duck
Chapter 1: Getting Started Getting Started Key and Certificate Management Server Configuration Creating a Private Certification Authority from Scratch Chapter 2: Testing with OpenSSL Sixteen sections cover testing of various aspects of TLS server configuration For all its warts, OpenSSL is one of the most successful and most important open source projects. Itâ€™s successful because itâ€™s so widely us
kyab 2016/03/14
openssl

SSL

TLS
ãƒªãƒ³ã‚¯
Mapping OpenSSL Cipher Suite Names to Official Names and RFCs
Mapping OpenSSL Cipher Suite Names to Official Names and RFCs OpenSSL, and a lot of software that uses it (httpd, nginx etc) have their own cipher suite names. To map from the OpenSSL cipher suite name, such as: ECDHE-ECDSA-AES256-SHA384 1) Look up the ID Use the OpenSSL ciphers(1) tool to look up the cryptographic suite selector code (2 hex values used to represent that cipher suite on the wire)
kyab 2016/03/01
Cipher Name ID[OpenSSL]

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

SSL

TLS
ãƒªãƒ³ã‚¯
Use SSLsplit to transparently sniff TLS/SSL connections - including non-HTTP(S) protocols - Philipp's Tech Blog
kyab 2015/12/10
SSLsplit Non-HTTPSã‚µãƒãƒ¼ãƒˆã®ã‚‚ã®

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

SSL

TLS

MITMProxy
ãƒªãƒ³ã‚¯
ã„ã‚ã„ã‚ãªSSL/TLSè¨å®šã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ (JNSAé›»åç½²åWG å®Ÿä¸–ç•Œã®æš—å·ãƒ»èªè¨¼æŠ€è¡“å‹‰å¼·ä¼šè³‡æ–™)
1. Â© 2015 Kenji Urushima All rights reserved. ã„ã‚ã‚“ãªSSL/TLSè¨å®šã‚¬ã‚¤ãƒ‰ JNSAè‡¨æ™‚ã‚¹ã‚ãƒ«ã‚¢ãƒƒãƒ—TF å®Ÿä¸–ç•Œã®æš—å·ãƒ»èªè¨¼æŠ€è¡“ã«é–¢ã™ã‚‹å‹‰å¼·ä¼š æ–¼ï¼šNTTã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢(å“å·) æ—¥æ™‚ï¼š2015å¹´6æœˆ22æ—¥(æœˆ) 19:00-19:30 æ¼†å¶Œè³¢äºŒ JNSA é›»åç½²åWG(ã‚¾ãƒ³ãƒ“?)ãƒ¡ãƒ³ãƒ 2. Â© 2015 Kenji Urushima All rights reserved. 1 ãƒ»çµŒæ´ ãƒ»å¯Œå£«ã‚¼ãƒãƒƒã‚¯ã‚¹(2010ï½ž) ãƒ»ã‚¨ãƒ³ãƒˆãƒ©ã‚¹ãƒˆã‚¸ãƒ£ãƒ‘ãƒ³(2005ï½ž2010) ãƒ»ã‚»ã‚³ãƒ (1988ï½ž2005) ãƒ»èˆˆå‘³ï¼š PKI, Â TLS, Â é›»åç½²å, Â SSO, Â èªè¨¼, Â æš—å·, CSIRT, Â è„†å¼±æ€§æ¤œæŸ», Â ãƒ•ã‚©ãƒ¬ãƒ³ã‚¸ãƒƒã‚¯, ã‚¹ãƒžãƒ›, Â ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°, Â ãƒ“ãƒƒãƒˆã‚³ã‚¤ãƒ³ ãƒ»åˆ¥å ãƒ»è¨¼æ˜Žæ›¸ãƒãƒ³ã‚¿ãƒ¼ ãƒ»(TLS)æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚¦ã‚©ãƒƒãƒãƒ£ãƒ¼ ãƒ»å§”å“¡ã€æ¨™æº–
kyab 2015/06/24
TLS

SSL

ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

security
ãƒªãƒ³ã‚¯
SSL(TLS)ã®DHã¨DHEã®é•ã„
702NK (1) 705NK (1) Activity (1) Adapter (2) add-on (1) AES (1) agile (3) amazon (2) Android (19) Android Studio (1) arm (2) assem bler (1) bash (2) Bluetooth (2) book (3) bridge (1) C (13) cache (2) canna (1) catch.com (1) codereview (4) CPU (3) cruisecontrol (1) current (1) cygwin (1) debian (2) debug (2) dictionary (1) disklabel (2) distcc (2) DMA (2) Dropbox (1) embedded (2) encfs (1) english (
kyab 2015/06/05
DHE,DH,DH-RSA,DHE-RSA

SSL

TLS

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

security
ãƒªãƒ³ã‚¯
TLSæš—å·è¨å®šã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ å®‰å…¨ãªã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã®ãŸã‚ã«ï¼ˆæš—å·è¨å®šå¯¾ç–ç·¨ï¼‰ | æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ | IPA ç‹¬ç«‹è¡Œæ”¿æ³•äºº æƒ…å ±å‡¦ç†æŽ¨é€²æ©Ÿæ§‹
ã€ŒTLSæš—å·è¨å®šã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã€ã¯ã€TLSã‚µãƒ¼ãƒã®æ§‹ç¯‰è€…ã‚„é‹å–¶è€…ãŒé©åˆ‡ãªã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’è€ƒæ…®ã—ãŸæš—å·è¨å®šãŒã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹ãŸã‚ã®ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã§ã™ã€‚ã€Œæ§˜ã€…ãªåˆ©ç”¨ä¸Šã®åˆ¤æ–ææ–™ã‚‚åŠ å‘³ã—ãŸåˆç†çš„ãªæ ¹æ‹ ã€ã‚’é‡è¦–ã—ã¦ã€TLSé€šä¿¡ã§ã®å®Ÿç¾ã™ã¹ãå®‰å…¨æ€§ã¨å¿…è¦ã¨ãªã‚‹ç›¸äº’æŽ¥ç¶šæ€§ã¨ã®ãƒˆãƒ¬ãƒ¼ãƒ‰ã‚ªãƒ•ã‚’è€ƒæ…®ã—ãŸ3ã¤ã®è¨å®šåŸºæº–ï¼ˆã€Œé«˜ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£åž‹ã€ã€ŒæŽ¨å¥¨ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£åž‹ã€ã€Œã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ä¾‹å¤–åž‹ã€ï¼‰ã‚’è¨ã‘ã¦ãŠã‚Šã€å„ã€…ã®è¨å®šåŸºæº–ã«å¯¾å¿œã—ã¦ã€TLSã‚µãƒ¼ãƒã§è¨å®šã™ã¹ãå…·ä½“çš„ãªè¦æ±‚è¨å®šï¼ˆã€Œéµå®ˆé …ç›®ã€ã¨ã€ŒæŽ¨å¥¨é …ç›®ã€ï¼‰ã‚’æ±ºã‚ã¦ãŠã‚Šã¾ã™ã€‚ æœ¬ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã¯å®‰å…¨ãªã‚¦ã‚§ãƒ–ã‚µã‚¤ãƒˆã®ä½œã‚Šæ–¹ã¨ã¨ã‚‚ã«é©åˆ‡ãªæš—å·è¨å®šã‚’ã™ã‚‹è³‡æ–™ã®ä¸€ã¤ã¨ã—ã¦ãŠä½¿ã„ã„ãŸã ã‘ã¾ã™ã€‚ ãªãŠã€æœ¬ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã¯ã€æš—å·æŠ€è¡“è©•ä¾¡ãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆCRYPTRECã§ä½œæˆã•ã‚Œã¾ã—ãŸã€‚ ã€ŒTLSæš—å·è¨å®šã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã€ã®å†…å®¹ 1ç« ã¨2ç« ã¯ã€æœ¬ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³ã®ç›®çš„ã‚„SSL/TLSã«ã¤ã„ã¦ã®æŠ€è¡“çš„ãªåŸºç¤ŽçŸ¥è˜ã‚’
kyab 2015/05/13
ssl

tls

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

security

IPA

ã‚¬ã‚¤ãƒ‰ãƒ©ã‚¤ãƒ³
ãƒªãƒ³ã‚¯
è¬›æ¼”ãƒ•ã‚©ãƒãƒ¼/PKIDay2015 - kurushima @ è‡ªå •è½ãªæŠ€è¡“è€…ã®ãƒ°ã‚(å…¬é–‹ç‰ˆ)
[[JNSA PKI Day 2015>http://www.jnsa.org/seminar/pki-day/2015/]]ã®è¬›æ¼”ã€ŒSSL/TLSç”Ÿèª•20å¹´ã€è„†å¼±æ€§ã¨å¯¾ç–ã‚’æŒ¯è¿”ã‚‹ã€ã¨ãƒ‘ãƒãƒ«ã€ŒSSL/TLSã®å®Ÿè£…ãŒé€²ã‚€ã¹ãé“ã‚’èªžã‚ã†ã€ã®è£œè¶³æƒ…å ±ã‚’ã€è¬›æ¼”å¾Œã«ã“ã®ãƒšãƒ¼ã‚¸ã§å…¬é–‹ã—ã¾ã™ã€‚ *è¬›æ¼”ã‚¹ãƒ©ã‚¤ãƒ‰ã®å·®ã—æ›¿ãˆ(2015å¹´4æœˆ10æ—¥(é‡‘) 15:48) è¬›æ¼”ã€ŒSSL/TLSç”Ÿèª•20å¹´ã€è„†å¼±æ€§ã¨å¯¾ç–ã‚’æŒ¯è¿”ã‚‹ã€ã«ã¤ãã¾ã—ã¦ã€[[JNSAã‚µã‚¤ãƒˆ>http://www.jnsa.org/seminar/pki-day/2015/]]ã§å…¬é–‹ã—ã¦ã„ã‚‹ã‚‚ã®ã‹ã‚‰ã€ã‚¹ãƒ©ã‚¤ãƒ‰ã‚’6æžšè¿½åŠ ã•ã›ã¦é ‚ãã¾ã—ãŸã€‚æœ€æ–°ç‰ˆãŒJNSAã‚µã‚¤ãƒˆã§ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã®ã§ã”åˆ©ç”¨ãã ã•ã„ã€‚ - [[JNSAã‚µã‚¤ãƒˆæœ€æ–°ãƒžãƒ¼ã‚¸ç‰ˆPDF(1.8MB)>http://www.jnsa.org/seminar/pki-day/2015/data/2
kyab 2015/04/10
SSLæŒ¯ã‚Šè¿”ã‚Š

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

20å¹´

SSL

TLS
ãƒªãƒ³ã‚¯
[PDF]SSL/TLSç”Ÿèª•20å¹´ã€è„†å¼±æ€§ã¨å¯¾ç–ã‚’æŒ¯è¿”ã‚‹ | PKI Day 2015
Â© 2015 Fuji Xerox Co., Ltd. All rights reserved. JNSA Â PKIç›¸äº’é‹ç”¨WGãƒ»é›»åç½²åWGå…±å‚¬ã‚»ãƒŸãƒŠãƒ¼ PKI Â Day Â 2015 Â ã‚µã‚¤ãƒãƒ¼ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã®è¦ã¨ãªã‚‹PKIã‚’è¦‹ç›´ã™ SSL/TLSç”Ÿèª•20å¹´ã€è„†å¼±æ€§ã¨å¯¾ç–ã‚’æŒ¯è¿”ã‚‹ 2015å¹´4æœˆ10æ—¥(é‡‘) Â 13:40-14:15 æ–¼ï¼šãƒ’ãƒ¥ãƒ¼ãƒªãƒƒã‚¯ã‚«ãƒ³ãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ç§‹è‘‰åŽŸROOM1 æ¼†å¶Œ è³¢äºŒ, Â CISSP Â© 2014 Fuji Xerox Co., Ltd. All rights reserved. 1 ãƒ»çµŒæ´ ãƒ»å¯Œå£«ã‚¼ãƒãƒƒã‚¯ã‚¹(2010ï½ž) ãƒ»ã‚¨ãƒ³ãƒˆãƒ©ã‚¹ãƒˆã‚¸ãƒ£ãƒ‘ãƒ³(2005ï½ž2010) ãƒ»ã‚»ã‚³ãƒ (1988ï½ž2005) ãƒ»èˆˆå‘³ï¼š PKI, Â TLS, Â é›»åç½²å, Â SSO, Â èªè¨¼, Â æš—å·, CSIRT, Â è„†å¼±æ€§æ¤œæŸ», Â ãƒ•ã‚©ãƒ¬ãƒ³ã‚¸ãƒƒã‚¯, ã‚¹ãƒžãƒ›, Â ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°, Â ãƒ“ãƒƒãƒˆã‚³
kyab 2015/04/10
SSLæŒ¯ã‚Šè¿”ã‚Š

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

20å¹´

SSL

TLS
ãƒªãƒ³ã‚¯
sslscanã§ã‚µãƒ¼ãƒã®SSL/TLSçŠ¶æ…‹ã‚’ç°¡å˜ã«ãƒã‚§ãƒƒã‚¯ã™ã‚‹ - ã‚ã°é›»åãŒè©°ã¾ã¤ã¦ã‚ã‚‹
æœ€è¿‘ã¯SSL/TLSã®ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£å•é¡ŒãŒå¤šç™ºã—ã¦ã„ã‚‹ãŸã‚ã€è‡ªåˆ†ã§é‹ç”¨ã—ã¦ã„ã‚‹ã‚µãƒ¼ãƒã®SSL/TLSã®è¨å®šã‚’ãƒ†ã‚¹ãƒˆã—ãŸã„ã¨ã„ã†äººã¯å¤šã„ã¨æ€ã„ã¾ã™ã€‚ SSL/TLSã®çŠ¶æ…‹ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã«ã¯ã€Qualys SSL Labsã®SSL Server TestãŒã‚ˆãä½¿ã‚ã‚Œã¾ã™ã€‚ã—ã‹ã—ã“ã‚Œã¯å¤–éƒ¨ã‹ã‚‰ç¬¬ä¸‰è€…ã«ã‚¹ã‚ãƒ£ãƒ³ã•ã›ã‚‹ã‚ã‘ã§ã™ã‹ã‚‰ã€(å¿ƒç†çš„ãƒ»ç¤¾å†…æ”¿æ²»çš„ãª)æ•·å±…ãŒé«˜ã„ã¨ã„ã†ç‚¹ã‚‚ã‚ã‚Šã¾ã™ã—ã€ãã‚‚ãã‚‚ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆå´ã‹ã‚‰ç›´æŽ¥æŽ¥ç¶šã§ããªã„ç’°å¢ƒã®ãƒ†ã‚¹ãƒˆãŒè¡Œãˆã¾ã›ã‚“ã€‚ ãã“ã§ã€IPã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’æŒ‡å®šã™ã‚‹ã ã‘ã§ã‚ˆã‚ã—ãå¯¾è±¡ã®SSL/TLSã‚µãƒ¼ãƒã®çŠ¶æ…‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¦ãã‚Œã‚‹ãƒ„ãƒ¼ãƒ«ãŒã‚ã‚‹ã¨ä¾¿åˆ©ã ãªã€ã¨ã„ã†ã“ã¨ã«ãªã‚Šã¾ã™ã€‚æœ¬ç¨¿ã§ã¯ã€ã“ã®ã‚ˆã†ãªç›®çš„ã«åˆ©ç”¨ã•ã‚Œã‚‹sslscanã¨ã„ã†ã‚³ãƒžãƒ³ãƒ‰ã‚’ç´¹ä»‹ã—ã¾ã™ã€‚ sslscanã¯Linuxã§å‹•ä½œã—ã€ãƒšãƒãƒˆãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ãƒ†ã‚¹ãƒˆç”¨ã«ä½¿ã‚ã‚Œã‚‹Kali Linuxã«ã‚‚ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã•ã‚Œã¦ã„ã‚‹ãŠæ‰‹è»½ãªSS
kyab 2015/03/21
sslscanã®è§£èª¬

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

sslscan

ssl

tls
ãƒªãƒ³ã‚¯
HTTP/2ã‹ã‚‰è¦‹ãˆã‚‹TLSäº‹æƒ… - ã‚ã©ã‘ãªã„è©±
ã“ã‚Œã¯ HTTP/2 ã‚¢ãƒ‰ãƒ™ãƒ³ãƒˆã‚«ãƒ¬ãƒ³ãƒ€ãƒ¼19æ—¥ç›®ã®è¨˜äº‹ã§ã™ã€‚ ã“ã®è¨˜äº‹ã¯ãŸãã•ã‚“ã®è³‡æ–™ã‚’èªã‚“ã ä¸Šã§æ›¸ãã¾ã—ãŸãŒã€é–“é•ã„ã¨ã‹å‹˜é•ã„ã¨ã‹ãŒã‚ã‚‹ã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã€‚ã‚‚ã—ã‚ã‚Œã°ã€æŒ‡æ‘˜ã—ã¦ã„ãŸã ã‘ã‚‹ã¨å¹¸ã„ã§ã™ã€‚ å®Ÿè³ªçš„ã«å¿…é ˆã¨ãªã£ãŸTLS HTTP/2ã¯ã€HTTP/1.1ã¨åŒã˜ãã€æš—å·åŒ–ãªã—/ã‚ã‚Šã®ãƒãƒ¼ãƒˆã¨ã—ã¦ã€80ã¨443ã‚’ä½¿ã„ã¾ã™ã€‚ãã®ãŸã‚ã€é€šä¿¡é–‹å§‹æ™‚ã«HTTP/1.1ã¨HTTP/2ã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã™ã‚‹ãŸã‚ã®ä»•çµ„ã¿ãŒã€HTTP/2ã§å®šã‚ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ ã“ã®ã‚ˆã†ã«ä»•æ§˜ã¨ã—ã¦ã¯æš—å·åŒ–ãªã—ã®HTTP/2ãŒå®šç¾©ã•ã‚Œã¦ã„ã¾ã™ãŒã€Firefox ã‚„ Chrome ãŒ TLS ã‚’è¦æ±‚ã™ã‚‹ãŸã‚ã«ã€å®Ÿè³ªçš„ã¯æš—å·åŒ–ã‚ã‚ŠãŒå¿…é ˆã¨ãªã£ã¦ã„ã¾ã™ã€‚ã“ã‚Œã¯ã€ç±³å›½ã®ç›£è¦–ãƒ—ãƒã‚°ãƒ©ãƒ PRISMã«ä»£è¡¨ã•ã‚Œã‚‹åºƒåŸŸç›£è¦–(pervasive surveillance)ã«å¯¾æŠ—ã™ã‚‹ãŸã‚ã«ã€IETFãŒã•ã¾ã–ã¾ãªé€šä¿¡ã«ãƒ—ãƒ©ã‚¤ãƒã‚·ã®å¼·åŒ–ã‚’è¦æ±‚ã™ã‚‹æ–¹
kyab 2014/12/19
ã€Œå€‹äººçš„ã«ã¯ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ä»¥é™åˆ©ç”¨ã—ãªã„ç§˜å¯†éµã‚’ãƒ¡ãƒ¢ãƒªä¸ã«ä¿å˜ã—ã¦ã„ã‚‹å®Ÿè£…ãŒãŠã‹ã—ã„ã€ã‚“ãƒ¼ã§ã‚‚ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒæ¬¡ã€…æ¥ã¦ã€ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã‚‚ä½•å›žã‚‚ç™ºç”Ÿã™ã‚‹ã‹ã‚‰ã‚ã‚‹ã¦ã„ã©ã¯ã—ã‚‡ã†ãŒãªããªã„ï¼Ÿ

security

HTTP

ssl

tls

http2.0

network
ãƒªãƒ³ã‚¯
è‡ªå •è½ãªæŠ€è¡“è€…ã®æ—¥è¨˜ : Internet Week 2014ãƒ‘ãƒãƒ«ã§è©±ã—ãã³ã‚ŒãŸãƒã‚¿2: ã‚¤ãƒ³ãƒˆãƒ©å†…ã§SSLã‚µãƒ¼ãƒãƒ¼è¨å®šã‚’ç¢ºèªã™ã‚‹ãƒ„ãƒ¼ãƒ«sslaudit - livedoor Blogï¼ˆãƒ–ãƒã‚°ï¼‰
å…ˆé€±ã®Internet Week 2014ã§HTTPSã‚µãƒ¼ãƒãƒ¼è¨å®šã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ãƒ‘ãƒãƒ«ãƒ‘ãƒãƒ«ã§è¨€ãˆãªã‹ã£ãŸäº‹ã®ç¬¬äºŒå¼¾ã§ã™ã€‚ è‡ªåˆ†ã®ã‚µã‚¤ãƒˆãŒå…¬é–‹ã‚µã‚¤ãƒˆã§ã‚ã‚‹å ´åˆã«ã¯Qualys SSLLabsã®ã‚µã‚¤ãƒˆã‚’ä½¿ã£ã¦å¤–éƒ¨ã‹ã‚‰SSLã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®è¨å®šã‚’ç¢ºèªã™ã‚Œã°ã‚ˆã„ã‚“ã§ã™ãŒã€ã‚¤ãƒ³ãƒˆãƒ©å†…ã®å ´åˆã«ã¯åŽ„ä»‹ã§ã™ã‚ˆãã€‚ãƒ‘ã‚±ãƒƒãƒˆã‚ãƒ£ãƒ—ãƒãƒ£ã§èª¿ã¹ã‚‹ã‚ã‘ã«ã‚‚ã„ã‹ãªã„ã—ã€OpenSSLã®s_clientã§æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆä¸€ã¤ä¸€ã¤ãƒã‚¯ãƒã‚¯èª¿ã¹ã‚‹ã®ã¯é¢å€’ã ã—ã€‚ ãã‚“ãªæ™‚ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã«WindowsãŒä½¿ãˆã‚Œã°www.g-sec.luã§å…¬é–‹ã—ã¦ã„ã‚‹sslauditã¨ã„ã†ãƒ„ãƒ¼ãƒ«ãŒä¾¿åˆ©ã§ã™ã€‚ æ¤œæŸ»å¯¾è±¡ã®ã‚µãƒ¼ãƒãƒ¼(IPã‚¢ãƒ‰ãƒ¬ã‚¹ã§ã‚‚å¯)ã¨ãƒãƒ¼ãƒˆ(ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§ã¯443)ã‚’æŒ‡å®šã—ã¦ã€ã€ŒStartã€ãƒœã‚¿ãƒ³ã‚’æŠ¼ã™ã ã‘ã§ã™ã€‚åˆ©ç”¨å¯èƒ½ãªã‚‚ã®ã ã‘ã‚’è¡¨ç¤ºã™ã‚‹å ´åˆã«ã¯ã€ŒDisplay supported ciphersã€ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¦ã‹ã‚‰ã‚¹ã‚¿ãƒ¼ãƒˆã™ã‚‹
kyab 2014/11/23
ã‚¤ãƒ³ãƒˆãƒ©ç”¨ã€‚SSL Labsé¢¨ã«ãƒ©ãƒ³ã‚¯ä»˜ã‘ã—ã¦ãã‚Œã‚‹ã‚„ã¤ãªã„ã‹ãªã€‚

æš—å·

ssl

tls

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

security
ãƒªãƒ³ã‚¯
è‡ªå •è½ãªæŠ€è¡“è€…ã®æ—¥è¨˜ : Internet Week 2014ãƒ‘ãƒãƒ«ã§è©±ã—ãã³ã‚ŒãŸãƒã‚¿: çµ±è¨ˆæƒ…å ±ã§ã¿ã‚‹SSL/TLS - livedoor Blogï¼ˆãƒ–ãƒã‚°ï¼‰
åŸºæœ¬ã¯å–°ã£ã¦ã‚‹ã‹é£²ã‚“ã§ã‚‹ã‹ã§ã™ãŒã€ã‚ˆãè¶£å‘³ã§ã‚«ãƒ©ã‚ªã‚±ãƒ»PKIãƒ»ç½²åãƒ»èªè¨¼ãƒ»ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ãƒ»æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’ã‚„ã£ã¦ã„ã¾ã™ã€‚æ—…å¥½ãã€‚ãƒ†ãƒ¬ãƒ“å¥½ãã§èŠ¸èƒ½é€š å…ˆé€±ã®Internet Week 2014ã§HTTPSã‚µãƒ¼ãƒãƒ¼è¨å®šã®è©±ã‚’ã•ã›ã¦é ‚ãã¾ã—ãŸã€‚ãŠè¶Šã—é ‚ã„ãŸæ–¹ã€ã‚ã‚ŠãŒã¨ã†ã”ã–ã„ã¾ã—ãŸã€‚ãƒžãƒ‹ã‚¢ãƒƒã‚¯ãªå†…å®¹ã ã£ãŸã®ã§ã™ãŒã€ä½•ã‹å‚è€ƒã«ãªã‚‹æ‰€ãŒã‚ã‚Œã°å¬‰ã—ã„ã§ã™ã€‚ ã•ã¦ã€ä»Šæ—¥ã¯ãƒ‘ãƒãƒ«ãƒã‚¿ã§ä»•è¾¼ã‚“ã§ãŠã„ãŸã®ã«é™½ã®ç›®ã‚’è¦‹ãªã‹ã£ãŸè©±ã‚’ã¡ã‚‡ã£ã¨ãƒ–ãƒã‚°ã§æ›¸ã“ã†ã¨æ€ã„ã¾ã™ã€‚SSL/TLSé–¢é€£ã§çµ±è¨ˆãƒ‡ãƒ¼ã‚¿ã¿ãŸã„ãªã‚‚ã®ã‚’å‡ºã—ã¦ã„ã‚‹ã‚µã‚¤ãƒˆãŒå¹¾ã¤ã‹ã‚ã£ã¦ã€ãã“ã‹ã‚‰ä¸–ã®ä¸ã®å‚¾å‘ãŒã‚ã‹ã£ãŸã‚Šã€ãã‚Œã‚’å…ƒã«è‡ªåˆ†ã®ã‚µãƒ¼ãƒãƒ¼ã¯ã©ã†è¨å®šã™ã‚‹ã‹ãªãã€ãªã©ã¨è€ƒãˆã‚‹ã®ã«å½¹ã«ç«‹ã¤ã®ã§ã¯ã¨æ€ã„ç´¹ä»‹ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚ SSL Pulse ã¾ãšæœ€åˆã«ç´¹ä»‹ã—ãŸã„ã®ãŒSSL Pulseã¨ã„ã†ã‚µã‚¤ãƒˆã§ã™ã€‚ å‡ºå…¸ï¼šSSL Pulse https://www.tr
kyab 2014/11/23
ã‚µã‚¤ãƒˆã®çŠ¶æ³

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

ssl

TLS

security
ãƒªãƒ³ã‚¯
Qualys SSL Labs
HOW WELL DO YOU KNOW SSL? If you want to learn more about the techno logy that protects the Internet, youâ€™ve come to the right place. Books Bulletproof SSL and TLS is a complete guide to deploying secure servers and web applications. This book, which provides comprehensive coverage of the ever-changing field of SSL/TLS and Web PKI, is intended for IT security professionals, system administrators, a
kyab 2014/11/14
server/client test

ssl

tls

security
ãƒªãƒ³ã‚¯
Changed default settings of ext/openssl
Posted by usa on 27 Oct 2014 We changed the default setting of ext/openssl in Ruby 2.1.4, Ruby 2.0.0-p594 and Ruby 1.9.3-p550. With this change, insecure SSL/TLS options are now disabled by default. However, by this change, there is a possibility of some probl ems in the SSL connection. Details OpenSSL still implements protocols and ciphers that are considered insecure today by historical circumsta
kyab 2014/10/28
Rubyã‚‚POODLEå¯¾ç–ãªã©ã§SSL3.0ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆç„¡åŠ¹åŒ–

ruby

ssl

TLS

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

POODLE
ãƒªãƒ³ã‚¯
è‡ªå •è½ãªæŠ€è¡“è€…ã®æ—¥è¨˜ : æ§˜ã€…ãªã‚µãƒ¼ãƒãƒ¼ã®POODLE SSLv3è„†å¼±æ€§(CVE-2014-3566)å¯¾ç–ã®ã¾ã¨ã‚(æ›´æ–°3) - livedoor Blogï¼ˆãƒ–ãƒã‚°ï¼‰
åŸºæœ¬ã¯å–°ã£ã¦ã‚‹ã‹é£²ã‚“ã§ã‚‹ã‹ã§ã™ãŒã€ã‚ˆãè¶£å‘³ã§ã‚«ãƒ©ã‚ªã‚±ãƒ»PKIãƒ»ç½²åãƒ»èªè¨¼ãƒ»ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ãƒ»æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’ã‚„ã£ã¦ã„ã¾ã™ã€‚æ—…å¥½ãã€‚ãƒ†ãƒ¬ãƒ“å¥½ãã§èŠ¸èƒ½é€š ã‚‚ãã˜ 1. ã¯ã˜ã‚ã« 2. SSLv3ã‚’ç„¡åŠ¹åŒ–ã§ãã‚‹å ´åˆã®ã‚µãƒ¼ãƒãƒ¼å¯¾ç– 2.1. Apache HTTPD Server + mod_ssl 2.2. Apache HTTPD Server + mod_nss 2.3. nginx 2.4. lighttpd 2.5. Microsoft IIS 2.6. (è¨‚æ£)Apache Tomcat (Java JSSE) 2.7. Node.js 2.8. IBM HTTP Server 2.9. Amazon Web Services 2.10. ãã®ä»–ã®ã‚µãƒ¼ãƒãƒ¼ 2.11. SSLv3 ã‚’ç„¡åŠ¹åŒ–ã™ã‚‹ãƒªã‚¹ã‚¯ 2.12. OpenLDAP 3. è«¸èˆ¬ã®äº‹æƒ…ã§ SSLv3 ã‚’æœ‰åŠ¹ã«ã›ã–ã‚‹ã‚’å¾—ãªã„å ´
kyab 2014/10/18
POODLE

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

ssl

TLS

security
ãƒªãƒ³ã‚¯
SSL 3.0 ã®è„†å¼±æ€§ ï¼ˆPOODLEï¼‰ å¯¾ç–ã§ Web ã‚µãƒ¼ãƒã® SSL 3.0 ã‚’ç„¡åŠ¹ã«ã—ãŸä»¶ã¨ãƒ–ãƒ©ã‚¦ã‚¶å´ã®å¯¾å‡¦ã¾ã¨ã‚
SSL 3.0 ã®è„†å¼±æ€§ ï¼ˆPOODLEï¼‰ å¯¾ç–ã§ Web ã‚µãƒ¼ãƒã® SSL 3.0 ã‚’ç„¡åŠ¹ã«ã—ãŸä»¶ã¨ãƒ–ãƒ©ã‚¦ã‚¶å´ã®å¯¾å‡¦ã¾ã¨ã‚ SSL 3.0 ã«å˜åœ¨ã™ã‚‹è„†å¼±æ€§ã€é€šç§° ã€ŒPOODLEã€ ã«é–¢é€£ã—ã¦ã€è‡ªåˆ†ãŒç®¡ç†ã—ã¦ã„ã‚‹ Web ã‚µãƒ¼ãƒ ï¼ˆApacheï¼‰ ã® SSL 3.0 ã‚’ç„¡åŠ¹ã«ã—ãŸéš›ã®è¨å®šæ–¹æ³•ã¨ã€å„ãƒ–ãƒ©ã‚¦ã‚¶ã”ã¨ã« SSL 3.0 ã‚’ç„¡åŠ¹ã«ã™ã‚‹æ–¹æ³•ãªã©ã‚’ã¾ã¨ã‚ã¦ã„ã¾ã™ã€‚ 2014å¹´ 10æœˆ 14æ—¥ ã«ç™ºè¡¨ã•ã‚ŒãŸã€ŒSecure Sockets Layerï¼ˆSSLï¼‰ã€ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ 3.0 ï¼ˆSSL 3.0ï¼‰ ã«å˜åœ¨ã™ã‚‹è„†å¼±æ€§ ï¼ˆCVE-2014-3566ï¼‰ã€é€šç§° ã€ŒPOODLE ï¼ˆPadding Oracle On Downgraded Legacy Encryptionï¼‰ã€ ã§ã™ãŒã€ã“ã‚Œã«é–¢é€£ã—ã¦ã€è‡ªåˆ†ã§ç®¡ç†ã—ã¦ã„ã‚‹ Web ã‚µãƒ¼ãƒ ï¼ˆApacheï¼‰ ã® SSL 3.0 ã‚’ç„¡åŠ¹ã«ã—ã¾ã—ãŸã€‚ ã
kyab 2014/10/17
POODLE

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£

TLS

ssl
ãƒªãƒ³ã‚¯
TLS Protocol Version 1.2
kyab 2014/10/17
SSL/TLSã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã€‚"some server implementations are known to implement version negotiation incorrectly"

Security

SSL

TLS

POODLE
ãƒªãƒ³ã‚¯
Speeding up and strengthening HTTPS connections for Chrome on Android
The latest news and insights from Google on security and safety on the Internet Patrick McFarland said... No Linux distro seems to ship an OpenSSL with those patches applied yet. April 25, 2014 at 6:17â€¯AM Unknown said... While I am glad to hear that and I know Google has access to the brighest brains, probably even outdoing Microsoft as an employer in this respect: since the NSA revelation by a ce
kyab 2014/08/23
TLSã®æš—å·åŒ–ã«ChaCha20_Poly1305å§‹ã‚ã¾ã—ãŸã£ã¦ã‚„ã¤ã€‚

Google

Security

SSL

TLS
ãƒªãƒ³ã‚¯
è‡ªå •è½ãªæŠ€è¡“è€…ã®æ—¥è¨˜ : ECDHE - livedoor Blogï¼ˆãƒ–ãƒã‚°ï¼‰
åŸºæœ¬ã¯å–°ã£ã¦ã‚‹ã‹é£²ã‚“ã§ã‚‹ã‹ã§ã™ãŒã€ã‚ˆãè¶£å‘³ã§ã‚«ãƒ©ã‚ªã‚±ãƒ»PKIãƒ»ç½²åãƒ»èªè¨¼ãƒ»ãƒ—ãƒã‚°ãƒ©ãƒŸãƒ³ã‚°ãƒ»æƒ…å ±ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ã‚’ã‚„ã£ã¦ã„ã¾ã™ã€‚æ—…å¥½ãã€‚ãƒ†ãƒ¬ãƒ“å¥½ãã§èŠ¸èƒ½é€š SSL/TLS CipherSuiteã‚¦ã‚©ãƒƒãƒãƒ£ãƒ¼ã®@kjurã§ã™ã€‚ TechCrunch JPã«æ˜¨æ—¥ã“ã‚“ãªè¨˜äº‹ãŒæŽ²è¼‰ã•ã‚Œã¾ã—ãŸã€‚ TwitterãŒå°†æ¥ã®æš—å·è§£èªã‚’é˜²ããŸã‚å…¨ã‚µã‚¤ãƒˆã«ã‚ãŸã£ã¦Perfect Forward Secrecyã‚’æŽ¡ç”¨ (2013å¹´11æœˆ23æ—¥) http://jp.techcrunch.com/2013/11/23/20131122twitter-enables-perfect-forward-secrecy-across-sites-to-protect-user-data-against-future-decryption/ æœ€è¿‘ã€SSL/TLS ã®CipherSuiteã«ã¤ã„ã¦ã€ã„ã‚ã„ã‚è¶£å‘³ã§èª¿ã¹ã¦ã„ã‚‹ã‚“ã§ã™ãŒ
kyab 2014/08/23
FS(DH/ECDH)ã¨PFS(DHE/ECDHE)ã€‚ãƒ‘ãƒ•ã‚©ãƒ¼ãƒžãƒ³ã‚¹ã¨æš—å·å¼·åº¦ã«ã¤ã„ã¦

ssl

PFS

NSA

tls

security

ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£
ãƒªãƒ³ã‚¯
1 2 æ¬¡ã®ãƒšãƒ¼ã‚¸