Original: https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf Translator: Shawn the R0ck, (after correcting themselves plus to the back) SSL /TLS Deployment Best Practices Ivan Risti?version 1.3 (September) Copyright? 2012-2013 Qualys SSL Labs abstraction: SSL/TLS is a seemingly simple technolog
encrypted HTTPS protocol, if the HTTPS communication packets are intercepted during transmission, we can decipher the information in these packets, there are some user name, password, cell phone number and other sensitive information, and if the use of HTTPS communication, even if the packet is intercepted, And we can't decipher what's inside.
Interpreting the SSL workflow
The browser sends an HTTPS request to the server;
Server to
SSL is a security protocol that provides privacy and integrity between communication applications that use TCP/IP. The Hypertext Transfer Protocol (HTTP) of the Internet uses SSL for secure communication.The data that is transferred between the client and the server is encrypted by using a symmetric algorithm such as DES or RC4. The public key algorithm (usually RSA) is used to obtain encryption key exchang
SSL/TLS Security Series: SSL/TLS Overview1. the SSL/TLS protocol is an important cornerstone of secure network communication. This series will briefly introduce the SSL/TLS Protocol, focusing on the security of the SSL/TLS Protocol, especially the correct implementation of t
SSL certificate configuration for Nginx1. Use OpenSSL to realize Certificate centerbecause you are using OpenSSL to set up a private certificate center, make sure that the following fields are the same in Certificate Center certificates, server side certificates, client certificates
Country name
or province name
locality name
organization Name
organizational unit name
Country name
or province name
locality name
organization Name
organ
modified, starting with 1.3. version1.3 (17september2013) Thefollowingchangesweremadeinthisversion:?recommend Replacing1024-bitcertificatesstraightaway.? recommendagainstsupportingsslv3.? removetherecommendationtouserc4tomitigatethebeast attackserver-side.? recommendthatrc4isdisabled.? recommendthat3desisdisabledinthenearfuture.? WarnabouttheCRIMEattackvariations (Timeandbreach).? recommendsupportingforwardsecrecy.? adddiscussionofecdsacertificates. Thanks for the valuable feedback and the draf
First, the detection server is open SSL
Copy Code code as follows:
Phpinfo ();
?>
Check the page OpenSSL column, if the column OpenSSL support value is enabled to indicate that SSL is turned on, otherwise it is off state.
Second, the way to open SSL
1. Open php.ini; Extension=php_openssl.dll to remove the preceding symbol.2. Restart Apache or
To successfully set up SSL security site key to have the following conditions.
1, need to obtain the server certificate from the trusted certificate mechanism ca.2, you must install the server certificate on the Web server.3. The SSL feature must be enabled on the Web server.4. The client (browser-side) must trust the same certification authority as the Web server, which requires the CA certificate to be in
The FTP client is FlashFTP.
The FTP server is Serv-U.
1. Enable SSL encryption protocol for Serv-UI. Create an SSL CertificateTo use the SSL function of Serv-U, you must support the SSL certificate. Although Serv-U has automatically generated an SSL certificate at the time o
See if SSL is supported
First, execute the following command on MySQL to query whether MySQL supports SSL:
Mysql> show VARIABLES like ' Have_ssl ';+---------------+-------+| variable_name | Value |+---------------+-------+| Have_ssl | YES |+---------------+-------+1 row in Set (0.02 sec)
When Have_ssl is YES, it means that the MySQL service already supports
As early as two years ago, Google search engine guide on the proposed if the site is an HTTPS URL (installation of SSL security certificate) in a certain condition factors will be the site's weight and ranking has a certain positive effect. In the following two years, our domestic search engine also began to be based on whether the site to join the SSL certificate a discussion, but from the user experience
SSL (Secure Sockets Layer, Secure Sockets Layer) is a security protocol that provides security and data integrity for network traffic. Developed by Netscape to secure data transmission over the Internet, data encryption (encryption) technology is used to make sure that information is not intercepted and tapped on the network.
SSL is currently supported by almost all browsers, but the supported versions are
Chiang has shared many of the free SSL security certificate applications and installations in previous posts, although most of the installations are based on VPS and server deployments. Due to the company's project needs in the recent period of time will be unstable overseas VPS, server sites are required to relocate to a better speed of the Asian node virtual host, and some sites have used SSL security cer
Security Socket Layer (SSL) has been under attack since Netscape was developed in 1994. Security and Integrity of X.509 Public Key Infrastructure have also encountered many problems recently. Despite many warnings about SSL security, if correctly deployed and configured, SSL can still be used to protect data transmission between insecure networks. In this article
Prepare a digital certificate for developmentGeneral Learning and development debugging occasions, will not casually use the formal SSL server certificate private key. Because server authentication is required for SSL, the SSL server must have a server certificate that is able to access the private key of the certificate. For
Start the SSL function of the Serv-u ftp Server
Serv-u ftp Server is a widely used FTP Server software. It provides SSL functions but is not enabled by default. FTP transfers data in plaintext mode. To ensure data security, it is necessary to enable its SSL function. The procedure is as follows.
Step 1: Create a certificate for your Serv-u ftp Server. To use the
First, SSL Overview The SSL protocol uses digital certificate and digital signature for two-terminal entity authentication, uses asymmetric encryption algorithm for key negotiation, encrypts data with symmetric encryption algorithm and transmits it to ensure the confidentiality of data, and verifies whether the data is tampered and forged in the transmission process by calculating the Digital digest. Thus,
The early SSLv2 was designed according to the classic PKI (public key Infrastructure), which by default assumed that a server (or an IP) would only provide a service, so at the time of the SSL handshake, the server side could be sure which certificate the client was requesting.However, it is not expected that the virtual host has developed vigorously, which resulted in an IP will correspond to multiple domain names. There are some solutions, such as a
SSL principle HTTP and HTTPS differences
HTTP default port is 80,https default port is 443;HTTP transmits data to plaintext, HTTPS transmits data is encrypted;
HTTP is the HTTP protocol that runs on top of TCP. All transmitted content is plaintext, the client and the server can not verify the identity of the other side;HTTPS is HTTP running over SSL/TLS, and
Read the ssl/tls feature introduction and level description If you're a bit preface, then let's start with a cheap SSL practice practicing. The following describes some free and inexpensive SSL certificates, cheap SSL certificates are actually very cheap, the free SSL certi
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.