OpenSSL 1.0.1 or later
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES
httpd 2.2.23 or later
http://www.apache.org/dist/httpd/CHANGES_2.2
On CentOS 5/RHEL 5, OpenSSL is 0.9.8e, so outbound HTTPS connections made with OpenSSL-based tools such as curl do not support SHA-2 or TLS 1.2 (SHA-2 requires OpenSSL 0.9.8o or later; TLS 1.2 requires OpenSSL 1.0.1 or later).
$ openssl s_client -connect wiki.fl8.jp:443 -tls1
CONNECTED(00000003)
・
・
・
---
SSL handshake has read 1569 bytes and written 353 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported

$ openssl s_client -connect wiki.fl8.jp:443 -tls1_2
CONNECTED(00000003)
140160114657096:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported

$ openssl s_client -connect wiki.fl8.jp:443 -tls1_1
CONNECTED(00000003)
139868423800648:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1275:SSL alert number 70
139868423800648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
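
The script below is an added example, not part of the original page: it reduces `openssl s_client` output like the three runs above to one summary line per protocol flag, so the same check can be repeated when auditing which TLS versions a server accepts. The function names `classify_s_client` and `probe_tls` are hypothetical, and the two sample strings are trimmed copies of the output shown above.

```shell
#!/bin/sh
# Added example (not from the original page): summarise `openssl s_client`
# output such as the three runs above.

# classify_s_client: read s_client output on stdin and print one line:
#   ok <cipher>     a cipher was negotiated, so the handshake completed
#   fail <reason>   no cipher; reason is taken from the first OpenSSL error line
classify_s_client() {
    awk '
        /Cipher is / { cipher = $0; sub(/^.*Cipher is /, "", cipher) }
        /:error:/ && reason == "" {
            # id:error:code:library:function:reason:file:line[:extra]
            split($0, f, ":"); reason = f[6]
        }
        END {
            if (cipher != "" && cipher != "(NONE)") print "ok " cipher
            else print "fail " (reason != "" ? reason : "no cipher negotiated")
        }'
}

# probe_tls HOST PORT (hypothetical helper): repeat the three commands from
# the page against one server and print a summary line per protocol flag.
probe_tls() {
    for flag in -tls1 -tls1_1 -tls1_2; do
        out=$(openssl s_client -connect "$1:$2" "$flag" </dev/null 2>&1)
        printf '%s %s\n' "$flag" "$(printf '%s\n' "$out" | classify_s_client)"
    done
}

# Sample input: trimmed from the -tls1 and -tls1_1 runs shown above.
SAMPLE_TLS1='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported'
SAMPLE_TLS1_1='CONNECTED(00000003)
139868423800648:error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:1275:SSL alert number 70
139868423800648:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:598:
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported'

# Offline demo on the samples; run `probe_tls HOST 443` for a live check.
printf '%s\n' "$SAMPLE_TLS1"   | classify_s_client
printf '%s\n' "$SAMPLE_TLS1_1" | classify_s_client
```

A result of `ok` only means a cipher was negotiated for that protocol version; it says nothing about certificate validity.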