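php - PayPal Access - SSL certificate: unable to get local issuer certificate

I am using cURL and PHP to make a request to a server (for PayPal Access).

The PayPal developer website never mentions that an SSL certificate is required to use the PayPal Access API, but the code I use to request the token is as follows: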

$options = array(
                CURLOPT_URL => $url,
                CURLOPT_POST => 1,
                CURLOPT_VERBOSE => 1,
                CURLOPT_POSTFIELDS => $postvals,
                CURLOPT_RETURNTRANSFER => 1,
                CURLOPT_SSLVERSION => 3
);

curl_setopt_array($ch, $options);

$response = curl_exec($ch); 
echo curl_error($ch);

This echo outputs the following error:

SSL certificate problem: unable to get local issuer certificate

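My questions are:

1) Do I need SSL to use PayPal Access if I only need to get the user's email?

2) If I don't need SSL, why does this error occur?

PS: The endpoint is the following: [https://www.sandbox.paypal.com/webapps/auth/protocol/openidconnect/v1/tokenservice]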


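ssl-certificate - How to add a Subject Alternative Name to an SSL certificate?

I am using openssl to create a self-signed certificate. The certificate I generated gives this error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

Does anyone know how to specify a "Subject Alternative Name" when creating the certificate? This is how I generate the keystore: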

sudo $JAVA_HOME/bin/keytool -genkey -dname "CN=192.168.x.xxx, OU=I, O=I, L=T, ST=On, C=CA" -alias tomcat -validity 3650 -keyalg RSA -keystore /root/.keystore -keypass abcd -storepass abcd

To generate the key:

 openssl s_client -connect 192.168.x.xxx:8443 2>/dev/null

Please help! Thanks!


nginx - Setting up multiple server_name with SSL support

I would like to use nginx to serve a website with multiple domain names and SSL:

  • webmail.example.com
  • webmail.beispiel.de

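Both use the same virtual host, so I just set server_name twice. The problem is that I need nginx to serve the correct SSL certificate for each domain name.

Is this possible with one virtual host, or do I need to set up two virtual hosts?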


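ios - NSURLSession "HTTP load failed kCFStreamErrorDomainSSL, -9813"; self-signed certificate

I'm trying to connect my iOS application to an HTTPS Rails application that is currently running on a local host on my network. I can access the website from a browser using https://myIP:3000/display, and also from the command line with a curl request. I'm trying to access it from my app using the following: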

class FirstViewController: UIViewController {

    override func viewDidLoad() {
        super.viewDidLoad()
        //let url = NSURL(string: "https://another/Sinatra/website/feed")
        let url = NSURL(string: "https://myIP:3000/display")

        let request = NSURLRequest(URL: url!)
        let task = NSURLSession.sharedSession().dataTaskWithURL(url!)
        task!.resume()
    }
}

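When I try to access the Sinatra website, I have no trouble, and I can even print the JSON to the console using the right commands. However, when I set the URL to the Rails website, I get the following error.

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

Also, I can tell that my localhost Rails application (on another computer) is not being pinged from the iOS app, but it is pinged from the browser and the curl command.

Any ideas how to fix this?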


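ssl - Simple Java HTTPS

I need to set up a really lightweight HTTPS server for a Java application. It's a simulator that's being used in our development labs to simulate the HTTPS connections accepted by a piece of equipment in the wild. Because it's purely a lightweight development tool and isn't used in production at all, I'm quite happy to bypass certifications and as much negotiation as I can.

I was planning to use the wget class in Java 6 SE, but I'm struggling to get it working. As a test client, I'm using -d from the cygwin command line (wget https://[address]:[port]), but wget reports that it was "Unable to establish SSL connection".

If I run wget with the 3003907617128448449025 option for debugging, it tells me "SSL handshake failed".

I've spent 30 minutes searching, and everything seems to point to the fairly useless Java 6 documentation, which describes the methods but doesn't actually talk about how to get these things working or provide any example code at all.

Can anyone nudge me in the right direction?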


macos - How to fix curl: (60) SSL certificate: Invalid certificate chain

I get the following error when running curl https://npmjs.org/install.sh | sh on Mac OS X 10.9 (Mavericks):

install npm@latest
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html

How do I fix this?


smtp - STARTTLS vs SSL/TLS

Mail clients offer two settings, STARTTLS and SSL/TLS. What is the difference between STARTTLS and SSL/TLS?


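java - Two-way authentication SSL sockets on Android using client/server certificates

I'm working on an Android application that requires both client and server certificate authentication. I created an SSLClient class that works fine on regular desktop Java SE 6. I moved it into my Android project and I get the following error: "KeyStore JKS implementation not found".

I've looked around online and it seems possible that Java keystores aren't supported on Android (awesome!), but I have a feeling there's more to it, because none of the sample code I've found resembles what I'm trying to do. Everything I found talks about using an HTTP client rather than raw SSL sockets. I need SSL sockets for this application.

Below is the code from my SSLClient.java file. It reads the keystore and truststore, creates an SSL socket connection to the server, then runs a loop while waiting for input lines from the server, and handles each input line by calling a method in a different class. I'd be very glad to hear from anyone with experience using SSL sockets on the Android platform.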

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.security.AccessControlException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import otherpackege.OtherClass;

import android.content.Context;
import android.util.Log;

public class SSLClient 
{
    static SSLContext ssl_ctx;

    public SSLClient(Context context)
    {
        try
        {
            // Setup truststore
            KeyStore trustStore = KeyStore.getInstance("BKS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            InputStream trustStoreStream = context.getResources().openRawResource(R.raw.mysrvtruststore);
            trustStore.load(trustStoreStream, "testtest".toCharArray());
            trustManagerFactory.init(trustStore);

            // Setup keystore
            KeyStore keyStore = KeyStore.getInstance("BKS");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            InputStream keyStoreStream = context.getResources().openRawResource(R.raw.clientkeystore);
            keyStore.load(keyStoreStream, "testtest".toCharArray());
            keyManagerFactory.init(keyStore, "testtest".toCharArray());

            Log.d("SSL", "Key " + keyStore.size());
            Log.d("SSL", "Trust " + trustStore.size());

            // Setup the SSL context to use the truststore and keystore
            ssl_ctx = SSLContext.getInstance("TLS");
            ssl_ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);

            Log.d("SSL", "keyManagerFactory " + keyManagerFactory.getKeyManagers().length);
            Log.d("SSL", "trustManagerFactory " + trustManagerFactory.getTrustManagers().length);
        }
        catch (NoSuchAlgorithmException nsae)
        {
            Log.d("SSL", nsae.getMessage());
        }
        catch (KeyStoreException kse)
        {
            Log.d("SSL", kse.getMessage());
        }
        catch (IOException ioe)
        {
            Log.d("SSL", ioe.getMessage());
        }
        catch (CertificateException ce)
        {
            Log.d("SSL", ce.getMessage());
        }
        catch (KeyManagementException kme)
        {
            Log.d("SSL", kme.getMessage());
        }
        catch(AccessControlException ace)
        {
            Log.d("SSL", ace.getMessage());
        }
        catch(UnrecoverableKeyException uke)
        {
            Log.d("SSL", uke.getMessage());
        }

        try
        {
            Handler handler = new Handler();
            handler.start();
        }
        catch (IOException ioException) 
        {
            ioException.printStackTrace();
        }
     }  
}

//class Handler implements Runnable 
class Handler extends Thread
{
    private SSLSocket socket;
    private BufferedReader input;
    static public PrintWriter output;

    private String serverUrl = "174.61.103.206";
    private String serverPort = "6000";

    Handler(SSLSocket socket) throws IOException
    {

    }
    Handler() throws IOException
    {

    }

    public void sendMessagameInfoge(String message)
    {
        Handler.output.println(message);
    }

    @Override
    public void run() 
    {
        String line;

        try 
        {
            SSLSocketFactory socketFactory = (SSLSocketFactory) SSLClient.ssl_ctx.getSocketFactory();
            socket = (SSLSocket) socketFactory.createSocket(serverUrl, Integer.parseInt(serverPort));
            this.input = new BufferedReader(new InputStreamReader(socket.getInputStream()));
            Handler.output = new PrintWriter(new OutputStreamWriter(socket.getOutputStream()));
            Log.d("SSL", "Created the socket, input, and output!!");

            // readLine() returns null once the server closes the stream,
            // so stop reading instead of spinning on a closed connection.
            while ((line = input.readLine()) != null)
            {
                // Parse the message and do something with it
                // Done in a different class
                OtherClass.parseMessageString(line);

                if (line.equals("exit|"))
                {
                    break;
                }
            }
        }
        catch (IOException ioe)
        {
            System.out.println(ioe);
        }
        finally 
        {
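            try 
            {
                // Any of these is still null if the connection failed early
                if (input != null) input.close();
                if (output != null) output.close();
                if (socket != null) socket.close();
            } 
            catch(IOException ioe) 
            {
                // Nothing more to do if closing fails
            }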
        }
    }
}

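Update:
Made some progress on this problem. Found that JKS is indeed not supported, nor is directly choosing the SunX509 type. I've updated my code above to reflect these changes. I still have a problem in that the keystore and truststore apparently aren't being loaded. I'll update as I find out more.


Update 2:
I was loading my keystore and truststore files the desktop Java way rather than the correct Android way. The files must be put in the res/raw folder and loaded using getResources(). I'm now getting sizes of 1 and 1 for the keystore and truststore, which means they're loading. I'm still crashing, but getting closer! I'll update as I make progress.


Update 3:
Looks like everything is working, except that my keystore is set up incorrectly. If I disable client authentication on the server, it connects fine. When I leave it enabled, I get a handling exception: javax.net.ssl.SSLHandshakeException: null cert chain error. So it looks like I didn't set up the certificate chain correctly. I've posted another question asking how to create a client keystore in BKS format with the proper certificate chain: How to create a BKS (BouncyCastle) format Java keystore that contains a client certificate chain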


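ssl - Java SSLHandshakeException "no cipher suites in common"

I'm using an SSLServerSocket to accept client connections on my openSUSE server, but none of them can connect. I always get an SSLHandshakeException saying keytool -genkey -keyalg RSA -keystore ./keystore. I have activated all possible suites, enabled multiple protocols, and tried the latest Oracle JRE and OpenJDK. I have also followed several other posts on forums and related articles, "unlocked" all the cipher suites in the Oracle JRE, and changed the settings of the OpenJDK JRE like this:

Disabled: keytool -genkey -keyalg RSA -keystore ./keystore and enabled: security.provider.9=sun.security.ec.SunEC

This is how I initialize the SSLServerSocket: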

    System.setProperty("javax.net.ssl.keyStore", "./keystore");
    System.setProperty("javax.net.ssl.keyStorePassword", "nopassword");
    java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");

    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                }

                public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                }

                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }
    };

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("TLSv1.2");
    sc.init(null, trustAllCerts, new SecureRandom());
    SSLServerSocket ssl = (SSLServerSocket) sc.getServerSocketFactory().createServerSocket(
            DownloadFilelist.PORT);
    // Got rid of:
    //ssl.setEnabledCipherSuites(sc.getServerSocketFactory().getSupportedCipherSuites());
    ssl.setEnabledProtocols(new String[] {"TLSv1", "TLSv1.1", "TLSv1.2", "SSLv3"});

    // System.out.println(Arrays.toString(ssl.getEnabledCipherSuites()));

    s = ssl;
    // s = new ServerSocket(DownloadFilelist.PORT);
    s.setSoTimeout(TIMEOUT);

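The problem is that I can't find out which cipher suites the client wants, and I can't influence it either. I started the program with keytool -genkey -keyalg RSA -keystore ./keystore, and this is the result. Can any of you figure out what the problem is?

Edit: the keystore was generated with: keytool -genkey -keyalg RSA -keystore ./keystore

If you like, see the code on this page (the formatting seems not to be messed up there):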

trigger seeding of SecureRandom
trigger seeding of SecureRandom
done seeding SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
main, setSoTimeout(2000) called
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1361763651 bytes = { 159, 113, 250, 254, 103, 37, 66, 234, 127, 4, 36, 240, 60, 252, 55, 112, 6, 224, 192, 181, 146, 163, 63, 148, 152, 255, 77, 8 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 67
main, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
RandomCookie:  GMT: 1361763767 bytes = { 249, 20, 120, 68, 76, 110, 168, 235, 47, 91, 119, 64, 151, 242, 169, 191, 111, 105, 146, 90, 173, 223, 55, 127, 133, 12, 1, 247 }
Session ID:  {246, 66, 250, 209, 13, 188, 190, 246, 14, 49, 113, 183, 192, 202, 68, 246, 121, 162, 165, 71, 242, 220, 233, 223, 245, 47, 250, 215, 203, 94, 255, 148}
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
** TLS_RSA_WITH_AES_256_CBC_SHA
main, READ: TLSv1 Handshake, length = 933
*** Certificate chain
***
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 23, 181, 134, 191, 68, 30, 119, 81, 239, 135, 238, 80 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 254, 182, 228, 50, 121, 214, 35, 175, 100, 128, 102, 152 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_256_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 48
HSent: HSUP ADBASE ADTIGR ADBLOM
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 48
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 288
ClientManager, READ: TLSv1 Application Data, length = 32
ClientManager, READ: TLSv1 Application Data, length = 96

[...] (Cut out because I exceeded body limit.)

ClientManager, READ: TLSv1 Application Data, length = 80
ClientManager, READ: TLSv1 Application Data, length = 32
ClientManager, READ: TLSv1 Application Data, length = 80
main, WRITE: TLSv1 Application Data, length = 32
main, WRITE: TLSv1 Application Data, length = 64
Allow unsafe renegotiation: true
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
A client, READ: SSLv3 Handshake, length = 112
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1361763651 bytes = { 47, 7, 95, 146, 25, 28, 95, 191, 146, 159, 184, 47, 149, 220, 67, 169, 121, 123, 252, 98, 0, 253, 108, 88, 108, 188, 52, 76 }
Session ID:  {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
Extension renegotiation_info, renegotiated_connection: <empty>
Extension signature_algorithms, signature_algorithms: Unknown (hash:0x4, signature:0x2), SHA256withRSA, SHA1withRSA, SHA1withDSA
***
%% Initialized:  [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-2, SSL_NULL_WITH_NULL_NULL]
A client, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
A client, WRITE: TLSv1.2 Alert, length = 2
A client, called closeSocket()
A client, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

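The output contains a connection to another server, which works, and then the connection to my server. I can't remove the other connection because I'm getting the information on how to connect through it. If I could, I would enable debugging after the first connection, but I don't know how...

I removed all irrelevant output (the output I create myself).

Update:

I can't even connect to myself. When I create an SSLServerSocket and an SSLSocket that connects to it in the same application, the same error occurs. However, when I compare the lists of enabled cipher suites, both sockets support a bunch of suites. I have tested this on Windows 7 64-bit with the latest JDK.

Update:

I just started the server part of the program from scratch using a tutorial, and it magically works... I don't know why, but it seems I should use as many standard implementations as possible. I'm awarding the reputation to Bruno because he put in the most effort.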


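winapi - Building libcurl with SSL support on Windows

I'm using libcurl in a Win32 C++ application.

I added the curllib.vcproj project to my solution and set my other projects to depend on it.

How do I build it with SSL support enabled?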


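ssl - Can you use a service worker with a self-signed certificate?

I have developer servers that are used for testing. They have self-signed SSL certificates, which let us test the web application over HTTPS, but with prominent warnings that the certificates are not verifiable.

That's fine, but I have a service worker that throws an error on navigator.serviceWorker.register

SecurityError: Failed to register a ServiceWorker: An SSL certificate error occurred when fetching the script.

How do I use a service worker with an intranet testing server that has a self-signed certificate?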


java - Change keystore password from no password to a non-blank password

I have a jks keystore with no password. When I run the command

keytool -list -keystore mykeystore.jks

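it prompts me for the keystore password and I just hit Enter.

Please note that the keystore password is not the default Java password of "changeit". It is blank.

When I try to run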

keytool -storepasswd -keystore mykeystore.jks

to change the password to a non-blank string, it first prompts me for the current password. Simply hitting Enter, since it is blank, says

keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:
Keystore password is too short - must be at least 6 characters 

Just to confirm with everyone that the password is not "changeit"

keytool -storepasswd -keystore mykeystore.jks
Enter keystore password:  changeit
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

Any idea how to change the keystore password if the existing password is blank?


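ssl - Facebook JavaScript SDK loading non-secure items over HTTPS

I have a Facebook application that uses Facebook Connect.js.

I am running my application over HTTPS. All content on the site is delivered from http://static.ak.facebook.com/connect/canvas_proxy.php, but some content has to be included in Facebook's Connect.js

The problem is that I get a warning message saying there are non-secure items on the page.

I've checked which scripts are being loaded using Chrome's Developer Tools / Network tab to see which files are being loaded and from where.

The only thing I can see being loaded over HTTP rather than HTTPS is a file called http://static.ak.facebook.com/connect/canvas_proxy.php.

How can I force this file to use HTTPS?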


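SSL on Apache2 with WSGI

I am trying to set up SSL on a Django site I maintain, but I'm having a bit of trouble setting up the VirtualHost with SSL. I followed the instructions here, but every time I try to restart apache, it tells me it can't restart because multiple virtual hosts are using the same wsgi config: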

/etc/init.d/apache2 reload
Syntax error on line 33 of /etc/apache2/sites-enabled/www.mydomain.com:
Name duplicates previous WSGI daemon definition.
...fail!

I understand what is happening, just not how to fix it. Any suggestions are appreciated, thanks! Here is what my VirtualHosts file looks like:

<VirtualHost *:80>
    ServerAdmin my@email.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /sites/mydomain

    # WSGI Settings
    WSGIScriptAlias / /sites/mydomain/wsgi_handler.py
    WSGIDaemonProcess mydomain user=myuser group=mygroup processes=1 threads=1
    WSGIProcessGroup mydomain

    # Static Directories
    Alias /static /sites/mydomain/static/
    <Location "/static">
            SetHandler None
    </Location>

    Alias /img /sites/mydomain/img/
    <Location "/img">
            SetHandler None
    </Location>

</VirtualHost>

<VirtualHost *:443>
    ServerAdmin my@email.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /sites/mydomain

    # WSGI Settings
    WSGIScriptAlias / /sites/mydomain/wsgi_handler.py
    WSGIDaemonProcess mydomain user=myuser group=mygroup processes=1 threads=1
    WSGIProcessGroup mydomain

    # Static Directories
    Alias /static /sites/mydomain/static/
    <Location "/static">
            SetHandler None
    </Location>

    Alias /img /sites/mydomain/img/
    <Location "/img">
            SetHandler None
    </Location>

    # SSL Stuff
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/crt/vhost1.crt
    SSLCertificateKeyFile /etc/apache2/ssl/key/vhost1.key
    <Location />
            SSLRequireSSL On
            SSLVerifyClient optional
            SSLVerifyDepth 1
            SSLOptions +StdEnvVars +StrictRequire
    </Location>
</VirtualHost>
trans by 2020-08-02T21:43:43Z

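apache - How to use https (SSL) in XAMPP while using virtual hosts

I wrote a php application on my local machine and would like to test whether SSL is working. Bear with me, as this is my first time using SSL.

Here is what I have done so far:

  1. Created an SSL certificate. I followed the first part of this tutorial to create the certificate.
  2. I imported the LoadModule ssl_module modules/mod_ssl.so file into chrome.
  3. Removed the semicolon in front of LoadModule ssl_module modules/mod_ssl.so in httpd.conf (reference)
  4. Edited my LoadModule ssl_module modules/mod_ssl.so file according to this page. The relevant portion of that file is below. Here is the full file: [http://pastebin.com/k6Jh2eR6]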
    LoadModule ssl_module modules/mod_ssl.so

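I would normally access my project by typing LoadModule ssl_module modules/mod_ssl.so

When I try to access my project by typing LoadModule ssl_module modules/mod_ssl.so in Chrome, I am automatically forwarded to httpd.conf (as if XAMPP does not recognize https://project_one.localhost as a subdomain at all, and treats it as if I were typing https://localhost) up?

Note:

  • LoadModule ssl_module modules/mod_ssl.so is not commented out in the httpd.conf file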
trans by 2020-08-02T17:58:34Z

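java - CertificateException: No name matching ssl.someUrl.de found

I am trying to connect to one of my servers through ssl, using Java. I tried a lot of options; here is my best attempt:

I generated a jssecacerts with the recommended script: [http://blogs.oracle.com/andreas/resource/InstallCert.java] using the following command: java InstallCert ssl.someUrl.de changeit

After that, I executed the command a second time: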

Loading KeyStore jssecacerts...
Opening connection to ssl.someUrl.de:443...
Starting SSL handshake...

No errors, certificate is already trusted

Server sent 1 certificate(s):

 1 Subject EMAILADDRESS=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Hernd
on, ST=Virginia, C=US
   Issuer  EMAILADDRESS=info@plesk.com, CN=plesk, OU=Plesk, O=Parallels, L=Hernd
on, ST=Virginia, C=US
   sha1    f1 0d 2c 54 05 e1 32 19 a0 52 5e e1 81 6c a3 a5 83 0d dd 67
   md5     f0 b3 be 5e 5f 6e 90 d1 bc 57 7a b2 81 ce 7d 3d

Enter certificate to add to trusted keystore or 'q' to quit: [1]

I copied the file to the default directory and loaded the certificate into the Java trustStore

System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files (x86)\\Java\\jre6\\lib\\security\\jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword","changeit");

Then I try to connect

URL url = new URL("https://ssl.someUrl.de/");
URLConnection conn = url.openConnection();
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));

I get an error on the third line: (No name matching ssl.someUrl.de found)

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching ssl.someUrl.de found

Is this caused by the default plesk certificate, or is something else wrong?

Setup: JRE 6.20, Netbeans 6.8, Windows7 64bit

trans by 2020-07-28T18:07:46Z

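ssl - Java and HTTPS URL connection without downloading a certificate

This code connects to an HTTPS site, and I am assuming I am not verifying the certificate. But why don't I have to install a certificate locally for the site? Shouldn't I have to install a certificate locally and load it for this program, or is it downloaded behind the scenes? Is the traffic between the client and the remote site still encrypted in transit?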

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TestSSL {

    public static void main(String[] args) throws Exception {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }
            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }
        } };
        // Install the all-trusting trust manager
        final SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        // Create all-trusting host name verifier
        HostnameVerifier allHostsValid = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        // Install the all-trusting host verifier
        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

        URL url = new URL("https://www.google.com");
        URLConnection con = url.openConnection();
        final Reader reader = new InputStreamReader(con.getInputStream());
        final BufferedReader br = new BufferedReader(reader);        
        String line = "";
        while ((line = br.readLine()) != null) {
            System.out.println(line);
        }        
        br.close();
    } // End of main 
} // End of the class //
trans by 2020-07-26T08:58:36Z

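perl - How can I get LWP to validate SSL server certificates?

How can I get LWP to verify that the certificate of the server I am connecting to is signed by a trusted authority and issued to the correct host? As far as I can tell, it doesn't even check that the certificate claims to be for the hostname I am connecting to. That seems like a major security hole (especially with the recent DNS vulnerabilities).

Update: It turns out what I really wanted was HTTPS_CA_DIR, since I don't have a ca-bundle.crt. But HTTPS_CA_FILE did the trick. I am marking the answer as accepted anyway, because it was close enough.

Update 2: It turns out that HTTPS_CA_DIR and HTTPS_CA_FILE only apply if you are using Net::SSL as the underlying SSL library. But LWP also works with IO::Socket::SSL, which will ignore those environment variables and happily talk to any server, no matter what certificate it presents. Is there a more general solution?

Update 3: Unfortunately, the solution still isn't complete. Neither Net::SSL nor IO::Socket::SSL checks the host name against the certificate. This means that someone can get a legitimate certificate for some domain and then impersonate any other domain without LWP complaining.

Update 4: LWP 6.00 finally solves the problem. See my answer for details.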

trans by 2020-07-25T18:14:20Z

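curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

When I try to connect to any server (e.g. google.com) using curl (or libcurl), I get the error message:

curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Verbose output: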

$ curl www.google.com --verbose  
* Rebuilt URL to: www.google.com/  
* Uses proxy env variable no_proxy == 'localhost,127.0.0.1,localaddress,.localdomain.com'  
* Uses proxy env variable http_proxy == 'https://proxy.in.tum.de:8080'  
*   Trying 131.159.0.2...  
* TCP_NODELAY set  
* Connected to proxy.in.tum.de (131.159.0.2) port 8080 (#0)  
* successfully set certificate verify locations:  
*   CAfile: /etc/ssl/certs/ca-certificates.crt  
  CApath: none  
* TLSv1.3 (OUT), TLS handshake, Client hello (1):  
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number  
* Closing connection 0  
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number'  

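For some reason, curl seems to use TLSv1.3 even if I force it to use TLSv1.2 with the --tlsv1.2 command (it will still print "TLSv1.3 (OUT), ..."). I am using the latest versions of both Curl and OpenSSL: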

$ curl -V  
curl 7.61.0-DEV (x86_64-pc-linux-gnu) libcurl/7.61.0-DEV OpenSSL/1.1.1 zlib/1.2.8  
Release-Date: [unreleased]  
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp  
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP UnixSockets HTTPS-proxy  

I think this is a problem related to my installation. Can someone explain to me what this error message means?

trans by 2020-07-24T19:07:50Z

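Difference between SSL and Kerberos authentication?

I am trying to understand what the actual difference between SSL and Kerberos authentication is, and why I sometimes have both SSL traffic and Kerberos. Or does Kerberos use SSL in any way?

Can anyone help? Thanks!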

trans by 2020-07-22T13:55:08Z
