Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
コピペでQualys SSL Server Test A+ ゲットだぜ!
Search
atpons
September 25, 2016
Programming
180
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
コピペでQualys SSL Server Test A+ ゲットだぜ!
設定の見直し
atpons
September 25, 2016
More Decks by atpons
See All by atpons
食べログのサーキットブレーカー導入を振り返って
atpons
1
200
TLSから見るSREの未来
atpons
3
790
Securing Credentials for Package Manager and Bundler
atpons
0
240
AWS Organizations で実現する、 マルチ AWS アカウントのルートユーザー管理からの脱却
atpons
1
740
Other Decks in Programming
See All in Programming
TSKaigi Night Talks 2026_TypeScriptでサプライチェーンの整合性を型に閉じ込める
geekplus_tech
0
420
代数的データ型って何が嬉しいの? #frontend_phpcon_do
kajitack
8
3.8k
ローカルLLMでどこまでコードが書けるか -縮小版 / How much code can be written on a local LLM Shortened
kishida
2
120
AIで効率化できた業務・日常
ochtum
0
160
ランチタイムLT会3周年!ランチタイムLT会を3年間続けられたお話
y0hgi
1
120
ECSアプリログをFireLensでコスト削減しようとしたけど諦めた話 in Fargate×Node.js
akihisaikeda
2
4.2k
さぁV100、メモリをお食べ・・・
nilpe
0
160
Datadog LLM Observabilityで実現する 安全なLLM Usage 管理
3150
0
130
Go1.27で導入されるジェネリクスメソッドでできること
mackee
0
210
Javaの型とAI時代に型が大事な理由 / java types and type in AI era
kishida
2
160
鹿野さんに聞く!『TypeScriptコードレシピ集』で磨く実践力
tonkotsuboy_com
4
910
ローカルLLMでどこまでコードが書けるか -拡張版 / How much code can be written on a local LLM Extended
kishida
12
4.5k
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.3k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
67
55k
The Mindset for Success: Future Career Progression
greggifford
PRO
0
370
Game over? The fight for quality and originality in the time of robots
wayneb77
1
210
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.9k
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2.1k
Into the Great Unknown - MozCon
thekraken
41
2.6k
Building Applications with DynamoDB
mza
96
7.1k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
signer
PRO
0
3.6k
How to Build an AI Search Optimization Roadmap - Criteria and Steps to Take #SEOIRL
aleyda
1
2.1k
Deep Space Network (abreviated)
tonyrice
0
220
What does AI have to do with Human Rights?
axbom
PRO
1
2.2k
Transcript
ίϐϖͰQualys SSL Server Test A+ ήοτͩͥʂ atpons @ IGGG Meetup
2016 Summer
ࣗݾհ
atpons / ϙϯਣ
https://atpons.com/ ϗεςΟϯά࣌ͷݟ
Έͳ͞Μ SSL ͯ͠·͔͢ʁ
Έͳ͞Μ TLS ͯ͠·͔͢ʁ
None
҆શͳଓ
ੲͷৗࣝ
ূ໌ॻߴ͍
ࠓͷৗࣝ
None
ແྉͷূ໌ॻ
ςετڥ
- Ubuntu 16.04.1 LTS - Apache/2.4.18 (Ubuntu) - $ sudo
letsencrypt —-apache ࡁ ˎˎˎˎˎˎˎˎˎˎ on DigitalOcean
ͳɺͳΜͩͬͯʁ
ʮnginxʯͩͱʁ
;ɺ;͚͟Δͳ ✊
ʮApacheʯͰ ѹత
SSL/TLSͷ੬ऑੑ
Heartbleed POODLE etc…
HTTPSαʔό ઃఆͷॏཁੑ
SSL/TLS ༗ޮ͚ͩͰ ҙຯ͕ͳ͍
ݹ͍ Cipher SuiteͰ ҙຯ͕ͳ͍
Cipher Suite ʹԿΛબͿ 5-4పఈԋश4QFBLFS%FDLIUUQTTQFBLFSEFDLDPNTIJHFLJUMTDIFEJZBOYJΑΓҾ༻ ࠓ5-4ʹԿΛ͏ʁ 伴ަ 34" 'PSXBSE4FDSFDZ %)& &$%)&
σδλϧॺ໊ 34" %44 %4" &$%4" ର҉߸ %&4 3$ "&4 $IB$IB ͦͷଞ ҉߸Ϟʔυ $#$ "&"% $$. ($. 1PMZ ϝοηʔδೝূ ʢϋογϡʣ .% 4)" 4)" 4)" ɿΘͳ͍ɺԫɿҙɺɿࠓͷͱ͜Ζͬͯେৎ ҙɺ҉߸ֶతҙͱকདྷతʹීٴ͕ݟࠐ·Εͳ͍ҙؚ·Ε·͢ ͪͳΈʹɺ ྔࢠίϯϐϡʔλͰ伴ަɺσδλ ϧॺ໊શ෦Ξτʂ Cipher Suite
HTTPSαʔόςετͷ ॏཁੑ
Qualys SSL Server Test
Qualys SSL Server Test
ͱΓ͋͑ͣ͜͜Ͱ A+ औͬͯQiitaʹࡌͤ Ε͍͍ΜͰ͠ΐ
None
HTTPSαʔό ઃఆͩΔ͍ʁ
ྑ͍ײ͡ͷ configΛు͘
Mozilla SSL Configuration Generator
https://mozilla.github.io/ server-side-tls /ssl-config-generator/
σϞ
Demo • Mozilla SSL Configuration Generator • Apache / Intermediate
/ HSTS Enabled • Cipher Suite • ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE- ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA- AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE- RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256- SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3- SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM- SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- SHA:AES256-SHA:DES-CBC3-SHA:!DSS
Qualys SSL Server Test
A+ήοτͩͥʂ
Conclusion • A+ ධՁΛಘΔͨΊʹϓϩτίϧCipher Suiteͷ ݟ͕͠ඞཁ • ࠓޙHTTP/2ߦ͘ͳΒTLS 1.2͕ཁ݅ʹͳ͍ͬͯΔ •
͋͘·ͰHTTPSαʔόͷSSL/TLSͷݕূ • Webαʔόࣗମͷ੬ऑੑɼXSSͱ͔ɼҰൠతͳη ΩϡϦςΟରࡦඞཁͰ͢ʢࠓճলུ͍ͯ͠·͢ʣ
Conclusion • Let’s Encrypt • DVূ໌ॻͳͷͰݸਓϢʔε͚ͩΑͶ • 90Ͱͷߋ৽͕ඞཁͳͷͰͦͷ࡞ۀͷࣗಈ ԽΛΕΔͱࠔΔ •
ͪΖΜcronͰࣗಈԽʙ
ࢀߟจݙ • TLSపఈԋश • https://speakerdeck.com/shigeki/tlsche-di- yan-xi