SSl と仲良くなるやり方

Transcript

1. ࡾπ໦
   ݡҰ
   
   (.0
   1&1"#0
   JOD
   
   ϖύϘςοΫΧϯϑΝϨϯε 44-ͱ஥ྑ͘ͳΔ΍Γํ

2. ΠϯϑϥΤϯδχΞ ࡾπ໦ݡҰ
   
   !NJDLFZ ٕज़෦Πϯϑϥάϧʔϓ

3. ΠϯϑϥΤϯδχΞ ࡾπ໦ݡҰ
   
   !NJDLFZ ٕज़෦Πϯϑϥάϧʔϓ

4. Χϥʔϛʔγϣοϓ

5. None

6. 44-ͬͯͳΜͩΖ͏ʁ

7. None

8. 44-
   Λར༻͢Δͱ

9. ৘ใͷվ͟Μ

10. ৘ใͷ౪Έݟ

11. Λ๷͙ࣄ͕Ͱ͖·͢

12. ͜ΕΛͲ͏΍࣮ͬͯݱͨ͠ͷ͔ʁ

13. ࣮૷ͷঢ়گ wαϒυϝΠϯͷৗ࣌
    44-
    Խ
    wATIPQQSPKQA
    υϝΠϯ ͨͱ͑͹ɼFYBNQMFTIPQ QSPKQ
    ౳ ͷৗ࣌
    44-
    ԽΛߦ͍·͢ wಠࣗυϝΠϯ FYBNQMFDPN
    ౳ ͷৗ࣌
    44-
    Խ wಠࣗυϝΠϯ

    FYBNQMFDPN
    ౳ ͷৗ࣌
    44-
    Խ

14. શମͷߏ੒

15. ߏ੒ Ҏલͷߏ੒ ࠓͷߏ੒ -PBE#BMBODFS "QQMJDBUJPO
    4FSWFS "QQMJDBUJPO
    4FSWFS -PBE#BMBODFS 3FWFSTF
    

    1SPYZ 3FWFSTF
    1SPYZ "QQMJDBUJPO
    4FSWFS "QQMJDBUJPO
    4FSWFS

16. -PBE#BMBODFS 3FWFSTF
    1SPYZ 3FWFSTF
    1SPYZ "QQMJDBUJPO
    4FSWFS "QQMJDBUJPO
    4FSWFS ಛ௃

    -PBE#BMBODFS 3FWFSTF
    1SPYZ 3FWFSTF
    1SPYZ "QQMJDBUJPO
    4FSWFS "QQMJDBUJPO
    4FSWFS

17. 1SPYZΛஔ͍ͨཧ༝ wେྔͷূ໌ॻΛ؅ཧͨ࣌͠ɼϝϞϦফඅྔ͕૿͑ͯ͠·͏
    wେྔʹূ໌ॻΛಡΈࠐΉͷͰɼ̍ͭͷϓϩηε͋ͨΓ ͷϝϞϦফඅྔ͕૿͑·͢ ϓϩηε .BOBHFS ϓϩηε ϓϩηε

18. 1SPYZΛஔ͍ͨཧ༝ w"QBDIF
    ͸ϦΫΤετ͝ͱʹɼϓϩηε͕૿͑·͢
    wͳͷͰɼϓϩηε͕ଠ͍ͬͯΔͱશମͱͯ͠ϝϞϦফඅ ྔ͕૿͑·͢ ϓϩηε .BOBHFS ϓϩηε ϓϩηε

19. 1SPYZΛஔ͍ͨཧ༝ wOHJOY
    ͩͱɼ୯ҰͷϓϩηεͰϦΫΤετΛॲཧ͢Δํ ࣜͷͳͷͰɼϝϞϦফඅྔ͕૿͑·ͤΜ
    w·ͨɼࠓޙɼಠࣗυϝΠϯͷৗ࣌
    44-
    ରԠͰɼ OHY@NSVCZ
    Λ༻͍ͨಈతͳূ໌ॻͷಡΈࠐΈΛߦ͍ͨ ͔͔ͬͨΒͰ͢

20. ͭͷ೰Έ͕͋Γ·ͨ͠

21. ύϑΥʔϚϯε

22. ύϑΥʔϚϯε΁ͷݒ೦ w1SPYZ
    ͷΦʔόʔϔου
    w1SPYZ
    ͱ
    "QQMJDBUJPO
    αʔόʔͷ௨৴͕༨ܭʹൃੜ͢Δࣄ ʹΑΔϨΠςϯγͷ૿Ճ
    w44-
    Խʹͱ΋ͳ͏Φʔόʔϔου
    w҉߸Խͱ෮߸ʹϦιʔεΛফඅ͢ΔࣄʹΑΔεϧʔϓοτͷ ௿Լ
    w44-
    ͷηογϣϯͷཱ֬ʹΑΔϨΠςϯγͷ૿Ճ

23. ҰͭҰͭݕূ͍͖ͯ͠·ͨ͠

24. ݕূํ๏ wෛՙࢼݧΛ࣮ࢪ͠ɼεϧʔϓοτͱϨΠςϯγΛௐࠪ͠·ͨ͠
    wෳ਺ͷαʔόʔ͔ΒෛՙΛ͔͚ΔͨΊɼ-0$645
    IUUQ MPDVTUJP
    ͱ͍͏πʔϧΛ༻͍·ͨ͠

25. 1SPYZ
    ʹΑΔΦʔόʔϔου w ݕূͨ݁͠Ռɼ΄ͱΜͲѱԽ ͠·ͤΜͰͨ͠
    w 1SPYZ
    ͱ
    "QQMJDBUJPO
    4FSWFS
    ͕ಉ͡
    %$
    ʹ͔͋ͬͨΒͰ͢ -PBE#BMBODFS 3FWFSTF
    1SPYZ

    3FWFSTF
    1SPYZ "QQMJDBUJPO
    4FSWFS "QQMJDBUJPO
    4FSWFS %BUB
    $FOUFS

26. ҉߸Խ෮߸ԽʹΑΔΦʔόʔϔου wௐࠪͨ͠ͱ͜Ζɼ҉߸Խͱ෮߸Խʹ
    
    
    ͙Β͍$16
    ར༻཰ ͕૿Ճ͢Δͱ͍͏͜ͱͰͨ͠ w࣮ࡍʹෛՙࢼݧΛͯ͠Έͨͱ͜Ζɼ1SPYZ
    ࣗମͷෛՙ͕େ ͖͘ͳΔ͜ͱ͸͋Γ·ͤΜͰͨ͠ IUUQTXXXJNQFSJBMWJPMFUPSHPWFSDMPDLJOHTTMIUNM

27. ࢒Γ͸ηογϣϯཱ֬ͷΦʔόʔϔου

28. ηογϣϯཱ֬ͷΦʔόʔϔου )551 44-
    )5514 GET / Client Server HTTP 3FTQPODF

    Client Hello TLS/SSL Session Establish Client Server Server Hello Certificate Server Key Exchange Server Hello Done Client Key Exchange Change Cipher Spec Finished Change Cipher Spec Finished GET / HTTP 3FTQPODF

29. ͲͷΑ͏ʹղফͨ͠ͷ͔

30. 4FTTJPO
    3FTVNQUJPO wҰ౓ཱ֬ͨ͠ηογϣϯΛ࠶ར༻͢ΔͨΊͷ࢓૊ΈͰ͢
    wҎԼͷछྨ͕͋Γ·͢
    wαʔόʔଆͰηογϣϯ৘ใΛ֮͑Δํࣜ
    w4FTTJPO
    $BDIF
    wΫϥΠΞϯτଆͰηογϣϯ৘ใΛ֮͑Δํࣜ
    w4FTTJPO
    5JDLFU

31. 4FTTJPO
    $BDIF w44-
    ͷηογϣϯͷཱ֬ʹඞཁͳ৘ใΛ
    $BDIF
    ͢Δ ΋ͷͰ͢
    wෳ਺ͷαʔόʔΛར༻͢ΔͳΒɼԿΒ͔ͷํ๏Ͱ
    $BDIF
    Λڞ༗͢Δඞཁ͕͋Γ·͢
    w/HJOY
    Ͱ͸ɼ͜ͷڞ༗ͷͨΊͷ࢓૊ʹରԠ͍ͯ͠· ͤΜ

32. 4FTTJPO
    5JDLFU w 4FSWFS
    ͕อଘ͢Δ
    ηογϣϯ৘ใΛ ҉߸Խͯ͠ɼΫϥΠΞϯτʹૹΓɼΫ ϥΠΞϯτ͕ηογϣϯΛΩϟογϡ ͢Δͱ͍͏࢓૊ΈͰ͢ Client Hello TLS/SSL Session

    Establish Client Server Server Hello Finished Finished New Session Ticket

33. 4FTTJPO
    5JDLFU w࠶։͢Δ࣌͸ɼ
    w$MJFOU
    ͕
    $MJFOU
    )FMMP
    ͱͱ ΋ʹ
    4FTTJPO
    5JDLFU
    Λ
    4FSWFS
    ʹૹΔ
    wͦͷޙɼෳ߹ͱݕূʹ੒ޭ͢ Ε͹ηογϣϯΛ࠶։͢Δ Client Hello TLS/SSL

    Session Establish Client Server Server Hello Change Cipher Spec Finished Change Cipher Spec Finished Session Ticket

34. 4FTTJPO
    5JDLFU
    LFZ
    ͷఆظతͳߋ৽ w4FTTJPO
    5JDLFU
    LFZ
    ͕࿙Ӯ͢Δͱɼ44-
    ௨৴͕ղಡͰ͖ͯ͠· ͍·͢
    w͜ͷͨΊɼ4FTTJPO
    5JDLFU
    LFZ
    ͸ɼ
    ೔ఔ౓Ͱߋ৽͢Δ͜ͱ͕ਪ ঑͞Ε͍ͯ·͢
    wגࣜձࣾϝϧΧϦͷ
    $POTVM
    Λར༻ͨ͠ࣄྫΛࢀߟʹ
    ̍೔ຖʹߋ ৽͍ͯ͠·͢ IUUQUFDINFSDBSJDPNFOUSZ

35. ݁Ռ

36.          

                  ৗ࣌44-Խ͍ͯ͠ͳ͍αʔό ৗ࣌44-Խͨ͠αʔό ݱ࣮ͷύϑΥʔϚϯε w44-
    Խ͢Δલͱಉ౳ͱϨΠςϯγʹͳΓ·ͨ͠

37. 44-ͷධՁ w44-
    Λ҆શੑͳͲͰධՁͨ͠ͱ͜Ζɼ"
    Ͱͨ͠

38. ·ͱΊ

39. ·ͱΊ w44-
    ͱ஥ྑ͘͢Δʹ͸͍͔ͭ͘ͷίπ͕ඞ༻Ͱ͢
    w͜ͷൃදͰ͸ɼେྔͷূ໌ॻΛѻ͏ͳΒɼOHJOY
    Λར༻ͨ͠΄͏͕ྑ͍͜ ͱ
    w·ͨɼOHY@NSVCZ
    Λར༻͢Ε͹ɼಈతʹূ໌ॻΛಡΈࠐΊΔ͜ͱ
    wύϑΥʔϚϯεΛམͱ͞ͳ͍ͨΊʹ
    4FTTJPO
    5DJLFU
    ౳Λར༻ͨ͠΄͏͕ྑ ͍
    wʹ͍ͭͯ঺հ͠·ͨ͠

40. ࠓޙ͸ wಠࣗυϝΠϯʹ͓͚Δৗ࣌
    44-
    ͷఏڙʹ޲͚ɼ։ൃΛਐΊ ͍͖ͯ·͢
    w·ͨɼͲ͔͜ͰɼಠࣗυϝΠϯͷ࣌ͷ޻෉Λ঺հͰ͖ͨΒͱ ࢥ͍·͢