Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
コピペでQualys SSL Server Test A+ ゲットだぜ!
Search
atpons
September 25, 2016
Programming
180
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
コピペでQualys SSL Server Test A+ ゲットだぜ!
設定の見直し
atpons
September 25, 2016
More Decks by atpons
See All by atpons
食べログのサーキットブレーカー導入を振り返って
atpons
1
200
TLSから見るSREの未来
atpons
3
790
Securing Credentials for Package Manager and Bundler
atpons
0
240
AWS Organizations で実現する、 マルチ AWS アカウントのルートユーザー管理からの脱却
atpons
1
740
Other Decks in Programming
See All in Programming
Mujeres en SEO Summit 2026 - Greatest Disaster Hits en Web Performance
guaca
0
220
「AIで開発し、AIを届ける」をEvalでつなぐ 〜AIネイティブに始めるプロダクト開発の実践〜 / Connecting "Develop with AI, deliver AI" with Eval
rkaga
4
5.5k
1B+ /day規模のログを管理する技術
broadleaf
0
120
スマートグラスで並列バイブコーディング
hyshu
0
270
Inside Stream API
skrb
1
810
AIキャラアプリkaiwaの低遅延音声通話基盤をどう作ったか - AWS Gravitonで支える低遅延・低コストAI Agent基盤
mogamit
0
140
act1-costs.pdf
sumedhbala
0
130
TypeScript+Orvalで実現する型安全かつ堅牢でスケーラブルなマルチチャネル通知基盤 / TSKaigi Night talks ~after conference~
d0riven
0
370
LLM本来の能力を解き放つサンドボックス技術とAI民主化への適用
yukukotani
3
4.7k
LLMによるContent Moderationの本番運用の裏側と品質担保への挑戦
suikabar
3
800
Spec Driven Development | AI Summit Lisbon
danielsogl
PRO
0
220
はてなアカウント基盤 State of the Union
cockscomb
1
1.1k
Featured
See All Featured
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
1
1.8k
Side Projects
sachag
455
43k
RailsConf 2023
tenderlove
30
1.5k
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.7k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
auna
0
170
Applied NLP in the Age of Generative AI
inesmontani
PRO
4
2.3k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
740
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.3k
Design of three-dimensional binary manipulators for pick-and-place task avoiding obstacles (IECON2024)
konakalab
0
480
Fashionably flexible responsive web design (full day workshop)
malarkey
408
66k
How to Think Like a Performance Engineer
csswizardry
28
2.7k
HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy
inesmontani
PRO
0
420
Transcript
ίϐϖͰQualys SSL Server Test A+ ήοτͩͥʂ atpons @ IGGG Meetup
2016 Summer
ࣗݾհ
atpons / ϙϯਣ
https://atpons.com/ ϗεςΟϯά࣌ͷݟ
Έͳ͞Μ SSL ͯ͠·͔͢ʁ
Έͳ͞Μ TLS ͯ͠·͔͢ʁ
None
҆શͳଓ
ੲͷৗࣝ
ূ໌ॻߴ͍
ࠓͷৗࣝ
None
ແྉͷূ໌ॻ
ςετڥ
- Ubuntu 16.04.1 LTS - Apache/2.4.18 (Ubuntu) - $ sudo
letsencrypt —-apache ࡁ ˎˎˎˎˎˎˎˎˎˎ on DigitalOcean
ͳɺͳΜͩͬͯʁ
ʮnginxʯͩͱʁ
;ɺ;͚͟Δͳ ✊
ʮApacheʯͰ ѹత
SSL/TLSͷ੬ऑੑ
Heartbleed POODLE etc…
HTTPSαʔό ઃఆͷॏཁੑ
SSL/TLS ༗ޮ͚ͩͰ ҙຯ͕ͳ͍
ݹ͍ Cipher SuiteͰ ҙຯ͕ͳ͍
Cipher Suite ʹԿΛબͿ 5-4పఈԋश4QFBLFS%FDLIUUQTTQFBLFSEFDLDPNTIJHFLJUMTDIFEJZBOYJΑΓҾ༻ ࠓ5-4ʹԿΛ͏ʁ 伴ަ 34" 'PSXBSE4FDSFDZ %)& &$%)&
σδλϧॺ໊ 34" %44 %4" &$%4" ର҉߸ %&4 3$ "&4 $IB$IB ͦͷଞ ҉߸Ϟʔυ $#$ "&"% $$. ($. 1PMZ ϝοηʔδೝূ ʢϋογϡʣ .% 4)" 4)" 4)" ɿΘͳ͍ɺԫɿҙɺɿࠓͷͱ͜Ζͬͯେৎ ҙɺ҉߸ֶతҙͱকདྷతʹීٴ͕ݟࠐ·Εͳ͍ҙؚ·Ε·͢ ͪͳΈʹɺ ྔࢠίϯϐϡʔλͰ伴ަɺσδλ ϧॺ໊શ෦Ξτʂ Cipher Suite
HTTPSαʔόςετͷ ॏཁੑ
Qualys SSL Server Test
Qualys SSL Server Test
ͱΓ͋͑ͣ͜͜Ͱ A+ औͬͯQiitaʹࡌͤ Ε͍͍ΜͰ͠ΐ
None
HTTPSαʔό ઃఆͩΔ͍ʁ
ྑ͍ײ͡ͷ configΛు͘
Mozilla SSL Configuration Generator
https://mozilla.github.io/ server-side-tls /ssl-config-generator/
σϞ
Demo • Mozilla SSL Configuration Generator • Apache / Intermediate
/ HSTS Enabled • Cipher Suite • ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE- ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA- AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM- SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE- RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256- SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA- AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128- SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3- SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM- SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- SHA:AES256-SHA:DES-CBC3-SHA:!DSS
Qualys SSL Server Test
A+ήοτͩͥʂ
Conclusion • A+ ධՁΛಘΔͨΊʹϓϩτίϧCipher Suiteͷ ݟ͕͠ඞཁ • ࠓޙHTTP/2ߦ͘ͳΒTLS 1.2͕ཁ݅ʹͳ͍ͬͯΔ •
͋͘·ͰHTTPSαʔόͷSSL/TLSͷݕূ • Webαʔόࣗମͷ੬ऑੑɼXSSͱ͔ɼҰൠతͳη ΩϡϦςΟରࡦඞཁͰ͢ʢࠓճলུ͍ͯ͠·͢ʣ
Conclusion • Let’s Encrypt • DVূ໌ॻͳͷͰݸਓϢʔε͚ͩΑͶ • 90Ͱͷߋ৽͕ඞཁͳͷͰͦͷ࡞ۀͷࣗಈ ԽΛΕΔͱࠔΔ •
ͪΖΜcronͰࣗಈԽʙ
ࢀߟจݙ • TLSపఈԋश • https://speakerdeck.com/shigeki/tlsche-di- yan-xi