ユーザ用ツール

サイト用ツール


サイドバー



最近の更新



Tag Cloud

タグ#
6
10
1
3
1
2
17
7
1
1
6
9
4
1
2
182
1
4
2
7
14
5
1
25
2
3
1
6
1
1
33
1
3
3
1
1
1
1
1
1
13
45
7
9
10
5
10
3
2
2
8
2
2
6
3
1
1
4
7
4
2
2
2
1
7
2
4
1
3
24
2
12
2
3
1
1
2
2
1
1
1
4
2
2
4
2
2
1
1
2
1
1
1
2
1
26
2
1
2
2
2
1
1
2
3
12
4
7
1
1
2
9
1
3
1
1
7
1
1
1
1
1
8
1
4
2
1
1
1
3
3
5
1
2
1
1
7
3
1
10
1
1
4
1
2
1
2
7
2
1
3
1
1
3
1
2
1
2
2
2
1
2
3
1
1
3
2
1
3
1
3
3
2
1
1
7
1
3
3
1
1
1
1
5
1
27
2
1
2
1
2
2
3
1
1
1
2
1
2
1
1
1
3
1
1
1
2
2
2
1
1

50_dialy:2017:12:25

2017.12.25 TLS1.2 OpenSSL 確認

OpenSSL 1.0.1以降
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES
httpd 2.2.23以降
http://www.apache.org/dist/httpd/CHANGES_2.2

CentOS5/RHEL5は、OpenSSLは0.9.8eのため、curlなどOpenSSLをベースにアウトバウンドのhttps通信を行う場合、SHA-2やTLS1.2には未対応です(SHA-2はOpenSSL 0.9.8o以降、TLS1.2はOpenSSL 1.0.1以降が必要)。

確認方法

OK

$ openssl s_client -connect wiki.kumolabo.com:443 -tls1
CONNECTED(00000003)
・
・
・
---
SSL handshake has read 1569 bytes and written 353 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported

NG

$ openssl s_client -connect wiki.kumolabo.com:443 -tls1_2
CONNECTED(00000003)
140160114657096:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
50_dialy/2017/12/25.txt · 最終更新: 2019/10/29 11:13 by matsui

Yesterday:270 Today:198 Total:11392